6.5
CVE-2024-5566
- EPSS 0.2%
- Published 16.07.2024 22:15:04
- Last modified 21.11.2024 09:47:56
- Source product-cna@github.com
- CVE-Watchlists
- Open
LoginAn improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
Data is provided by the National Vulnerability Database (NVD)
Github ≫ Enterprise Server Version >= 3.9.0 < 3.9.17
Github ≫ Enterprise Server Version >= 3.10.0 < 3.10.14
Github ≫ Enterprise Server Version >= 3.11.0 < 3.11.12
Github ≫ Enterprise Server Version >= 3.12.0 < 3.12.6
Github ≫ Enterprise Server Version3.13.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.421 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| product-cna@github.com | 5.8 | 1.3 | 4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.