Lucene search
HistorySep 23, 2024 - 9:15 p.m.
CVE-2024-8770
cross-site scripting
github enterprise server
sensitive information theft
social engineering
bug bounty program
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.ย This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.ย This vulnerability was reported via the GitHub Bug Bounty program.
References
docs.github.com/en/[email protected]/admin/release-notes#3.10.17
docs.github.com/en/[email protected]/admin/release-notes#3.11.15
docs.github.com/en/[email protected]/admin/release-notes#3.12.9
docs.github.com/en/[email protected]/admin/release-notes#3.13.4
docs.github.com/en/[email protected]/admin/release-notes#3.14.1
Related
cvelist
cvelist
CVE-2024-8770
2024-09-23 20:09:01
vulnrichment
vulnrichment
CVE-2024-8770
2024-09-23 20:09:01
cve
cve
CVE-2024-8770
2024-09-23 21:15:13
Related for NVD:CVE-2024-8770