GitHub Enterprise Server Path Collision Vulnerability
CVE-2024-10007

Currently unrated

Key Information:

Vendor

GitHub

CVE Published:

7 November 2024

What is CVE-2024-10007?

CVE-2024-10007 is a path collision and arbitrary code execution vulnerability in GitHub Enterprise Server. An attacker who already holds Enterprise Administrator access could use it to escape the container restrictions that confine their code and escalate privileges to root on the underlying appliance. Because Enterprise Administrator access is required, this is a privilege escalation for an already highly privileged account rather than a remotely exploitable flaw, but root on the appliance compromises the whole instance and everything hosted on it. All versions of GitHub Enterprise Server prior to 3.15 are affected; fixes are available in 3.14.3, 3.13.6, 3.12.11 and 3.11.17, and release line 3.15 shipped without the flaw. Administrators should upgrade to the patched release on their release line and review who holds Enterprise Administrator rights. The vulnerability was reported through the GitHub Bug Bounty program.
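The following is an added example, not part of this advisory and not GitHub's own tooling. It encodes the fixed versions stated above and reports whether a given GitHub Enterprise Server version string is still exposed to CVE-2024-10007. It assumes version strings of the form X.Y.Z (as shown in the Management Console, or in the installed_version field returned by the GHES REST API meta endpoint) and runs over a constructed sample inventory so it works offline.

```python
"""Check GitHub Enterprise Server versions against CVE-2024-10007.

Added example, not GitHub's code. The ranges come from the advisory text:
all versions prior to 3.15 are affected; fixed in 3.14.3, 3.13.6, 3.12.11
and 3.11.17.
"""
import re

# First fixed release on each release line that received a patch.
FIXED_VERSIONS = {
    (3, 11): (3, 11, 17),
    (3, 12): (3, 12, 11),
    (3, 13): (3, 13, 6),
    (3, 14): (3, 14, 3),
}

# Release lines from this one onwards never contained the flaw.
FIRST_UNAFFECTED_BRANCH = (3, 15)

# Accept "3.14.2", "v3.14.2" and "3.14.2-rc1"; only the numeric core matters.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse a GHES version string into an (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def _fmt(version):
    return ".".join(str(part) for part in version)


def is_affected(version):
    """Return (affected, advice) for a GHES version string.

    A version is affected if it is on a release line before 3.15 and is
    older than that line's first fixed release. Release lines older than
    3.11 are before 3.15 but received no fix, so they are affected and the
    only remediation is to move to a patched release line.
    """
    parsed = parse_version(version)
    branch = parsed[:2]
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return False, "release line 3.15 or later; not affected"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return True, "release line has no fix; upgrade to a patched release line"
    if parsed >= fixed:
        return False, f"patched (fixed in {_fmt(fixed)})"
    return True, f"upgrade to {_fmt(fixed)} or later"


def audit(inventory):
    """Map hostname -> (affected, advice) for a {hostname: version} inventory."""
    return {host: is_affected(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions), standing in
# for values collected from each appliance's Management Console or API.
SAMPLE_INVENTORY = {
    "ghes-prod.example.internal": "3.14.2",
    "ghes-staging.example.internal": "3.14.3",
    "ghes-legacy.example.internal": "3.12.10",
    "ghes-new.example.internal": "v3.15.0",
}

if __name__ == "__main__":
    for host, (affected, advice) in audit(SAMPLE_INVENTORY).items():
        status = "AFFECTED" if affected else "ok"
        print(f"{host:32} {status:9} {advice}")
```

The check compares against the first fixed release on the instance's own release line rather than against a single global threshold, which is what matters here because each supported line (3.11 through 3.14) received its own backported fix.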

Affected Version(s)

Enterprise Server 3.11.0 through 3.11.16 (fixed in 3.11.17)

Enterprise Server 3.12.0 through 3.12.10 (fixed in 3.12.11)

Enterprise Server 3.13.0 through 3.13.5 (fixed in 3.13.6)

Enterprise Server 3.14.0 through 3.14.2 (fixed in 3.14.3)


Timeline

  • Vulnerability reserved

  • Vulnerability published: 7 November 2024

Credit

inspector-ambitious