Lucene search

GitHub_PCVELIST:CVE-2024-2748

HistoryMar 20, 2024 - 11:09 p.m.

CVE-2024-2748 CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

2024-03-2023:09:40

CWE-352

GitHub_P

www.cve.org

github

csrf

vulnerability

unauthorized actions

user interaction

bug bounty

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Enterprise Server",
    "vendor": "GitHub ",
    "versions": [
      {
        "changes": [
          {
            "at": "3.12.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.12.0",
        "status": "affected",
        "version": "3.12",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.github.com/en/[email protected]/admin/release-notes/#3.12.1

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-2748