Improper Privilege Management in GitHub Enterprise Server
CVE-2024-5566

6.5MEDIUM

Key Information:

Vendor: Github
Status: Enterprise Server
Vendor: CVE Published:; 16 July 2024

Summary

A vulnerability in GitHub Enterprise Server allows users to migrate private repositories without the necessary permissions, due to inadequate management of access tokens. This issue affects all versions prior to 3.14 and raises concerns over the security of repository data. Remediation was implemented in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17 to prevent unauthorized access.

References

https://docs.github.com/en/[email protected]/admin/re...

https://docs.github.com/en/[email protected]/admin/r...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024