Overview
- Description: A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program.
- Source: product-cna@github.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
Weaknesses
- product-cna@github.com: CWE-59
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10007 (Published: 2024-11-07) - High severity vulnerability in GitHub Enterprise Server v3.14.3. Affects multiple CVEs: CVE-2024-0487, CVE-2024-9539, CVE-2024-8810, CVE-2024-8770. Remediation: Update to the latest version to mitigate risks. More info:… https://t.co/bl
@transilienceai
11 Nov 2024
🚨 CVE-2024-10007 (Published: 2024-11-07) - High severity vulnerability in GitHub Enterprise Server versions affected. Ensure you update to version 3.14.3 to remediate this issue. For more details, check the release notes: https://t.co/q4RWkQ4oS4 #CyberSecurity #GitHub
@transilienceai
11 Nov 2024
🚨 CVE-2024-10007 (Published: 2024-11-07) - Critical vulnerability in GitHub Enterprise Server versions prior to 3.13.6. Ensure your systems are updated to mitigate risks. For detailed remediation steps, check the release notes: https://t.co/HBfJaKOvUe #CyberSecurity #GitHub
@transilienceai
11 Nov 2024
🚨 CVE-2024-10007 (Published: 2024-11-07) affects GitHub Enterprise Server versions prior to 3.12.11. To mitigate risks, upgrade to the latest version as detailed in the release notes: https://t.co/peOPlrNOM8. Stay secure! 🔒 #CyberSecurity #GitHub
@transilienceai
11 Nov 2024
🚨 CVE-2024-10007 (Published: 2024-11-07) - High severity vulnerability in GitHub Enterprise Server versions prior to 3.11.17. Ensure your systems are updated to this version to mitigate potential exploits. For detailed remediation steps, check the release notes:… https://t.co/5f
@transilienceai
11 Nov 2024
[CVE-2024-10007: HIGH] GitHub Enterprise Server had a critical vulnerability allowing container escape and privilege escalation. All versions before 3.15 were impacted. Ensure you update to versions 3.14.3, 3.13....#cybersecurity,#vulnerability https://t.co/RnCfMzWY6U https://t.c
@CveFindCom
7 Nov 2024
CVE-2024-10007 A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape and privilege escalation to root … https://t.co/W0Pq7RD1bW
@CVEnew
7 Nov 2024