What is the severity of CVE-2024-5815?

CVE-2024-5815 has been rated as a high-severity vulnerability due to the potential for unauthorized write operations on victim-owned repositories.

How do I fix CVE-2024-5815?

To fix CVE-2024-5815, update your GitHub Enterprise Server to version 3.9.17, 3.10.14, 3.11.12 or later versions that address this vulnerability.

Who is affected by CVE-2024-5815?

CVE-2024-5815 affects users of GitHub Enterprise Server versions from 3.9.0 to 3.9.17, 3.10.0 to 3.10.14, 3.11.0 to 3.11.12, and 3.12.0 to 3.12.6, along with version 3.13.0.

What type of vulnerability is CVE-2024-5815?

CVE-2024-5815 is classified as a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to perform write operations on repositories.

What are the prerequisites for exploiting CVE-2024-5815?

An attacker exploiting CVE-2024-5815 must be a trusted user of the GitHub Enterprise Server that the victim also has access to.

Vulnerability/
CVE-2024-5815

medium

6.8

CWE

352

EPSS

0.045%

16/7/2024

17/9/2024

CVE-2024-5815: Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository

First published: Tue Jul 16 2024(Updated: )

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.

Credit: product-cna@github.com

Affected Software	Affected Version	How to fix
GitHub Enterprise	>=3.9.0<3.9.17
GitHub Enterprise	>=3.10.0<3.10.14
GitHub Enterprise	>=3.11.0<3.11.12
GitHub Enterprise	>=3.12.0<3.12.6
GitHub Enterprise	=3.13.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-5815?
CVE-2024-5815 has been rated as a high-severity vulnerability due to the potential for unauthorized write operations on victim-owned repositories.
How do I fix CVE-2024-5815?
To fix CVE-2024-5815, update your GitHub Enterprise Server to version 3.9.17, 3.10.14, 3.11.12 or later versions that address this vulnerability.
Who is affected by CVE-2024-5815?
CVE-2024-5815 affects users of GitHub Enterprise Server versions from 3.9.0 to 3.9.17, 3.10.0 to 3.10.14, 3.11.0 to 3.11.12, and 3.12.0 to 3.12.6, along with version 3.13.0.
What type of vulnerability is CVE-2024-5815?
CVE-2024-5815 is classified as a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to perform write operations on repositories.
What are the prerequisites for exploiting CVE-2024-5815?
An attacker exploiting CVE-2024-5815 must be a trusted user of the GitHub Enterprise Server that the victim also has access to.

agent/weakness
agent/references
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/github
canonical/github enterprise
version/github enterprise/3.9.0
version/github enterprise/3.10.0
version/github enterprise/3.11.0
version/github enterprise/3.12.0
version/github enterprise/3.13.0