GitHub Enterprise Server 3.13.x Auth Bypass - November 2024
CVE-2024-10824 Published on November 7, 2024

Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2.

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2024-10824 has been classified as an AuthZ vulnerability or weakness.


Products Associated with CVE-2024-10824

Affected Versions

GitHub Enterprise Server:

Exploit Probability

EPSS: 0.05%
Percentile: 16.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.