CVE-2024-2748

EPSS 0.25%
Veröffentlicht 21.03.2024 00:15:09
Zuletzt bearbeitet 02.09.2025 14:07:47
Quelle product-cna@github.com
CVE-Watchlists
Login
Unerledigt
Login

CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Github ≫ Enterprise Server Version3.12.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.48

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
product-cna@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-2748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2748

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-2748