216.73.216.133

CVE-2024-10824

· Published 07/11/2024 22:15 · Modified 08/11/2024 19:01

Labels: CVE-2024-10824 2024-11-07CVE-2024-10824CWE-862[email protected]

Essential information

Published
07/11/2024 22:15
Modified
08/11/2024 19:01
Author
Creator
CISA KEV
No
CWE

Description

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References