CVE-2024-2748
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub ",
"versions": [
{
"changes": [
{
"at": "3.12.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.0",
"status": "affected",
"version": "3.12",
"versionType": "semver"
}
]
}
]
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%