Remote Code Execution Vulnerability Affects GitHub Enterprise Server

CVE-2024-2469

8HIGH

Key Information

Vendor
Github
Status
Enterprise Server
Vendor
CVE Published:
20 March 2024

Summary

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Affected Version(s)

Enterprise Server <= 3.8.16

Enterprise Server <= 3.8.16

Enterprise Server <= 3.9.11

Refferences

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

inspector-ambitious
.