Vulnerability Description
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | < 3.8.13 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.5Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.3Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.13Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.8Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.5Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.3Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.13Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.8Release Notes
FAQ
What is CVE-2024-0507?
CVE-2024-0507 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affe...
How severe is CVE-2024-0507?
CVE-2024-0507 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0507?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.