CVE-2024-8263

216.73.216.226

· Published 23/09/2024 21:15 · Modified 30/09/2024 15:57

Labels: CVE-2024-8263 2024-09-23 CVE-2024-8263 CWE-269 NVD-CWE-noinfo [email protected]

Essential information

Published: 23/09/2024 21:15
Modified: 30/09/2024 15:57
Author: —
Creator: —
CVSS: 2.7 LOW (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
github / enterprise server	`cpe:2.3:a:github:enterprise_server::::::::`
github / enterprise server	`cpe:2.3:a:github:enterprise_server::::::::`
github / enterprise server	`cpe:2.3:a:github:enterprise_server::::::::`
github / enterprise server	`cpe:2.3:a:github:enterprise_server::::::::`
github / enterprise server	`cpe:2.3:a:github:enterprise_server:3.14.0:::::::*`