Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access
CVE-2024-8810
Currently unrated
Summary
A vulnerability in GitHub Enterprise Server allowed a GitHub App to escalate its permissions from read to write without the explicit consent of the organization administrator. Exploitation required an account with administrator access to install a malicious App, after which the App could compromise organizational security and data integrity. All versions preceding 3.14 are affected; the issue was fixed in releases 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17.
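As an added example, not code from the advisory or from GitHub: a small audit a defender can run over an organization's installed-apps data to flag any permission that is now higher than the level an administrator approved at install time. The approved baseline and the installation objects are constructed samples; their shape is assumed to follow the `permissions` map GitHub returns for app installations.

```python
import json
from typing import Dict, List, Tuple

# GitHub App permission values in ascending order of privilege.
LEVELS = {"read": 1, "write": 2, "admin": 3}

Finding = Tuple[str, str, str, str]  # (app_slug, permission, approved, current)


def find_escalations(approved: Dict[str, Dict[str, str]],
                     installations: List[dict]) -> List[Finding]:
    """Compare each installation's current permissions with the baseline an
    admin recorded when approving it.  Report every permission whose level is
    now higher than approved, including permissions never approved at all."""
    findings: List[Finding] = []
    for inst in installations:
        slug = inst["app_slug"]
        baseline = approved.get(slug, {})
        for perm, level in inst.get("permissions", {}).items():
            ok = baseline.get(perm, "none")  # "none" ranks below "read"
            if LEVELS.get(level, 0) > LEVELS.get(ok, 0):
                findings.append((slug, perm, ok, level))
    return findings


# Constructed sample: what the org admin approved for each App.
APPROVED = {
    "ci-runner": {"contents": "read", "checks": "write", "metadata": "read"},
    "issue-triage": {"issues": "write", "metadata": "read"},
}

# Constructed sample, shaped after org installation objects (assumption);
# only the fields used by the audit are included.
INSTALLATIONS_JSON = """[
  {"app_slug": "ci-runner",
   "permissions": {"contents": "write", "checks": "write", "metadata": "read"}},
  {"app_slug": "issue-triage",
   "permissions": {"issues": "write", "metadata": "read"}}
]"""


def audit(raw: str = INSTALLATIONS_JSON) -> List[Finding]:
    """Parse the installations payload and return all escalations found."""
    return find_escalations(APPROVED, json.loads(raw))


if __name__ == "__main__":
    for slug, perm, was, now in audit():
        print(f"{slug}: '{perm}' escalated from {was} to {now}")
```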
Affected Version(s)
Enterprise Server 3.10.0 <= 3.10.16
Enterprise Server 3.11.0 <= 3.11.14
Timeline
Vulnerability published
Credit
ahacker1