Vulnerability Description
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.9.0, < 3.9.17 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.14Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.10Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.12.6Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.13.1Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.17Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.14Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.10Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.12.6Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.13.1Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.17Release Notes
FAQ
What is CVE-2024-5566?
CVE-2024-5566 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected...
How severe is CVE-2024-5566?
CVE-2024-5566 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5566?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.