Denial of Service Vulnerability in GitHub Enterprise Server
CVE-2024-5795

6.5MEDIUM

Key Information:

Vendor: Github
Status: Enterprise Server
Vendor: CVE Published:; 16 July 2024

Summary

A Denial of Service vulnerability in GitHub Enterprise Server allowed attackers to exploit the server by sending a large payload, resulting in unbounded resource exhaustion. This vulnerability impacted all versions prior to 3.14, necessitating updates to versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17 to mitigate potential threats. The vulnerability was responsibly disclosed through the GitHub Bug Bounty program, highlighting the importance of regular updates and security assessments.

References

https://docs.github.com/en/[email protected]/admin/re...

https://docs.github.com/en/[email protected]/admin/r...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2024