CVE-2024-0507

Summary

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.

Affected Software

VendorProductVersion RangeStatus
GitHubEnterprise Server3.8.0 <= 3.8.12affected
GitHubEnterprise Server3.9.0 <= 3.9.7affected
GitHubEnterprise Server3.10.0 <= 3.10.4affected
GitHubEnterprise Server3.11.0 <= 3.11.2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References