CVE-2024-5815 MEDIUM

CVE-2024-5815: Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository

Vendor Github
Product GitHub Enterprise Server
Weakness CWE-352 · CSRF
Published July 16, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/S:N/AU:N/R:U/RE:L/U:Amber

What the vulnerability does

01Description

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.

Key dates

02Disclosure timeline

July 16, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-49855 WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-25473 WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-7367 SourceCodester Simple Realtime Quiz System ajax.php cross-site request forgery CVE-2024-37490 WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-25066 WordPress FV Flowplayer Video Player Plugin <= 7.5.30.7212 is vulnerable to Cross Site Request Forgery (CSRF)