CVE-2024-10824

Published Nov 7, 2024

Last updated 9 days ago

CVSS medium 6.0

Overview

Description
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2.
Source
product-cna@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
Severity
MEDIUM

Weaknesses

product-cna@github.com
CWE-862

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10824 (Published: 2024-11-07) - A high-severity vulnerability affecting GitHub Enterprise Server versions prior to 3.13.2. Ensure your systems are updated to mitigate risks. For detailed remediation steps, check the release notes: https://t.co/4tLVXeG4DL… https://t.co

    @transilienceai

    9 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References