VYPR
Unrated severityNVD Advisory· Published Jan 16, 2024· Updated Oct 22, 2024

Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server

CVE-2024-0507

Description

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • GitHub/Enterprise Serverllm-fuzzy2 versions
    >=3.8.0-0 <=3.8.13-0, >=3.9.0-0 <=3.9.8-0, >=3.10.0-0 <=3.10.5-0, >=3.11.0-0 <=3.11.3-0+ 1 more
    • (no CPE)range: >=3.8.0-0 <=3.8.13-0, >=3.9.0-0 <=3.9.8-0, >=3.10.0-0 <=3.10.5-0, >=3.11.0-0 <=3.11.3-0
    • (no CPE)range: 3.8.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.