CVE-2024-2748 MEDIUM

CVE-2024-2748: CSRF vulnerability in GitHub Enterprise Server allowed performing actions on behalf of a user

Vendor GitHub
Product Enterprise Server
Weakness CWE-352 · CSRF
Published March 20, 2024
Last update August 2, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

A Cross-Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in version 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Key dates

02 Disclosure timeline

March 20, 2024 CVE published
August 2, 2024 Record updated