CVE-2024-0507 MEDIUM

CVE-2024-0507: Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server

Vendor GitHub
Product Enterprise Server
Weakness CWE-20 · Input validation
Published January 16, 2024
Last update October 22, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program.

Key dates

02 Disclosure timeline

January 16, 2024 CVE published
October 22, 2024 Record updated