Overview
- Description
- A GitHub App installed in an organization could upgrade some of its permissions from read to write access without approval from an organization administrator, bypassing the approval step that normally gates any permission increase. Exploitation requires an account with administrator access to install a malicious GitHub App in the first place. This vulnerability affected all versions of GitHub Enterprise Server before 3.14.1 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. It was reported via the GitHub Bug Bounty program.
- Source
- product-cna@github.com
- NVD status
- Awaiting Analysis
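Two checks an administrator would want after reading the description above: whether a given GHES version carries the fix, and whether any installed GitHub App now holds a higher permission level than the one an administrator actually approved. The following is an added example, not GitHub's code and not part of this advisory; the installation records are constructed sample data shaped like the response of the GitHub REST endpoint GET /orgs/{org}/installations, the "approved baseline" snapshot is an assumed artefact the administrator keeps, and treating release lines newer than 3.14 as patched is an assumption based on the fix having shipped before them.

```python
"""Audit helpers for CVE-2024-8810 (GitHub App permission upgrade in GHES).

Added example, not GitHub's code. Two checks a GHES administrator can run:
  1. is_patched(): is a GHES version at or above the fixed release of its line?
  2. find_escalations(): compare the permissions currently held by installed
     GitHub Apps against an admin-approved baseline and flag read->write upgrades.
The installation records below are constructed sample data shaped like the
response of GET /orgs/{org}/installations; no network access is performed.
"""
import json

# Fixed releases from the advisory, keyed by release line (major, minor).
FIXED_VERSIONS = {
    (3, 14): (3, 14, 1),
    (3, 13): (3, 13, 4),
    (3, 12): (3, 12, 9),
    (3, 11): (3, 11, 15),
    (3, 10): (3, 10, 17),
}

# Ranking used to decide whether a permission change is an escalation.
_LEVEL = {None: 0, "read": 1, "write": 2, "admin": 3}


def parse_version(text):
    """Turn '3.13.4' into (3, 13, 4); tolerates a leading 'v'."""
    parts = text.lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version_text):
    """True if this GHES version carries the fix for CVE-2024-8810.

    Lines older than 3.10 received no fix and are treated as vulnerable.
    Assumption: lines newer than 3.14 shipped after the fix and are patched.
    """
    v = parse_version(version_text)
    line = v[:2]
    if line in FIXED_VERSIONS:
        return v >= FIXED_VERSIONS[line]
    return line > (3, 14)


def find_escalations(baseline, current):
    """Return [(app_slug, permission, approved_level, current_level), ...]
    for every permission an installed app holds above its approved baseline.

    baseline: {app_slug: {permission: level}} captured when the administrator
              approved the installation (assumed snapshot kept by the admin);
    current:  list of installation records as returned by the API.
    Apps absent from the baseline are reported with approved_level=None for
    every permission, since none of their access was ever approved.
    """
    findings = []
    for inst in current:
        slug = inst["app_slug"]
        approved = baseline.get(slug, {})
        for perm, level in sorted(inst.get("permissions", {}).items()):
            old = approved.get(perm)
            if _LEVEL.get(level, 0) > _LEVEL.get(old, 0):
                findings.append((slug, perm, old, level))
    return findings


# Constructed sample data: the approved snapshot and what the API returns now.
APPROVED_BASELINE = {
    "ci-runner": {"contents": "read", "metadata": "read", "checks": "write"},
    "issue-triage": {"issues": "write", "metadata": "read"},
}

CURRENT_INSTALLATIONS_JSON = json.dumps({
    "total_count": 2,
    "installations": [
        {"id": 101, "app_slug": "ci-runner",
         "permissions": {"contents": "write", "metadata": "read", "checks": "write"}},
        {"id": 102, "app_slug": "issue-triage",
         "permissions": {"issues": "write", "metadata": "read"}},
    ],
})


def audit_sample():
    """Run the baseline comparison over the constructed sample."""
    current = json.loads(CURRENT_INSTALLATIONS_JSON)["installations"]
    return find_escalations(APPROVED_BASELINE, current)


if __name__ == "__main__":
    for ver in ("3.13.3", "3.13.4", "3.14.0", "3.15.0"):
        print(f"GHES {ver}: {'patched' if is_patched(ver) else 'VULNERABLE'}")
    for slug, perm, old, new in audit_sample():
        print(f"{slug}: {perm} escalated {old} -> {new} without approval")
```

Against the sample, only ci-runner's `contents` permission is flagged (read in the approved snapshot, write now), which is exactly the silent read-to-write upgrade the advisory describes. In real use, replace the embedded JSON with the live response for each organization and keep the baseline under change control so the diff is against what an administrator actually approved.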
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- Not applicable (CVSS 4.0 publishes no separate impact sub-score)
- Exploitability score
- Not applicable (CVSS 4.0 publishes no separate exploitability sub-score)
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:L/U:Amber
- Severity
- HIGH
Weaknesses
- product-cna@github.com
- CWE-269 (Improper Privilege Management)
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10007 (Published: 2024-11-07) - High severity vulnerability in GitHub Enterprise Server v3.14.3. Affects multiple CVEs: CVE-2024-0487, CVE-2024-9539, CVE-2024-8810, CVE-2024-8770. Remediation: Update to the latest version to mitigate risks. More info:… https://t.co/bl
@transilienceai
11 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-8810: HIGH] Vulnerability in GitHub Enterprise Server allowed unauthorized permissions upgrade. Fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. Reported through the Bug Bounty program. #cybersecurity, #vulnerability https://t.co/aECPC7Y1O1 https://t.co/Tbg
@CveFindCom
7 Nov 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes