What is the severity of CVE-2024-2748?

CVE-2024-2748 is categorized as a Cross Site Request Forgery vulnerability in GitHub Enterprise Server.

How do I fix CVE-2024-2748?

To fix CVE-2024-2748, ensure that you apply the latest security update provided by GitHub for Enterprise Server.

What actions can an attacker perform using CVE-2024-2748?

An attacker can execute unauthorized actions on behalf of an unsuspecting user due to the Cross Site Request Forgery vulnerability.

Is user interaction required for CVE-2024-2748 exploitation?

Yes, user interaction is required for the exploitation of CVE-2024-2748.

Which software versions are affected by CVE-2024-2748?

CVE-2024-2748 affects GitHub Enterprise Server, but specific version details should be reviewed in the security advisory.

Vulnerability/
CVE-2024-2748

medium

4.3

CWE

352

EPSS

0.043%

20/3/2024

2/8/2024

CVE-2024-2748: CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

First published: Wed Mar 20 2024(Updated: )

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Credit: product-cna@github.com

Affected Software	Affected Version	How to fix
GitHub Enterprise

Never miss a vulnerability like this again

Reference Links

https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1

Frequently Asked Questions

What is the severity of CVE-2024-2748?
CVE-2024-2748 is categorized as a Cross Site Request Forgery vulnerability in GitHub Enterprise Server.
How do I fix CVE-2024-2748?
To fix CVE-2024-2748, ensure that you apply the latest security update provided by GitHub for Enterprise Server.
What actions can an attacker perform using CVE-2024-2748?
An attacker can execute unauthorized actions on behalf of an unsuspecting user due to the Cross Site Request Forgery vulnerability.
Is user interaction required for CVE-2024-2748 exploitation?
Yes, user interaction is required for the exploitation of CVE-2024-2748.
Which software versions are affected by CVE-2024-2748?
CVE-2024-2748 affects GitHub Enterprise Server, but specific version details should be reviewed in the security advisory.

agent/references
agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/event
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/github
canonical/github enterprise

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.