CVE-2024-5566: Improper Privilege Management allows for access to unauthorized repository content during migration
First published: Tue Jul 16 2024(Updated: )
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
Credit: product-cna@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitHub Enterprise Server | >=3.9.0<3.9.17 | |
| GitHub Enterprise Server | >=3.10.0<3.10.14 | |
| GitHub Enterprise Server | >=3.11.0<3.11.12 | |
| GitHub Enterprise Server | >=3.12.0<3.12.6 | |
| GitHub Enterprise Server | =3.13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6
- https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/github
- canonical/github enterprise server
- version/github enterprise server/3.9.0
- version/github enterprise server/3.10.0
- version/github enterprise server/3.11.0
- version/github enterprise server/3.12.0
- version/github enterprise server/3.13.0