Remote Code Execution Vulnerability Affects GitHub Enterprise Server

CVE-2024-2469

8HIGH

Key Information

Vendor: Github
Status: Enterprise Server
Vendor: CVE Published:; 20 March 2024

Summary

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Affected Version(s)

Enterprise Server <= 3.8.16

Enterprise Server <= 3.9.11

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Mar 20, 2024
Vulnerability Reserved.
Mar 14, 2024

Collectors

NVD DatabaseMitre Database

Credit

inspector-ambitious