Vulnerability Description
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.10.0, < 3.10.17 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.17Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.15Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.12.9Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.13.4Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.14.1Release Notes
FAQ
What is CVE-2024-8810?
CVE-2024-8810 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administ...
How severe is CVE-2024-8810?
CVE-2024-8810 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8810?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.