Vulnerability Description
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.10.0, < 3.10.17 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.17Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.15Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.12.9Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.13.4Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.14.1Release Notes
FAQ
What is CVE-2024-8263?
CVE-2024-8263 is a vulnerability with a CVSS score of 2.7 (LOW). An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of Gi...
How severe is CVE-2024-8263?
CVE-2024-8263 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8263?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.