We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-8770



Description

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.

Reserved 2024-09-12 | Published 2024-09-23 | Updated 2024-09-23 | Assigner GitHub_P


MEDIUM: 5.8CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Product status

Default status
affected

3.14
affected

3.13.0
affected

3.12.0
affected

3.11.0
affected

3.10.0
affected

Credits

R31n finder

References

docs.github.com/en/enterprise-server@3.14/admin/release-notes

docs.github.com/en/enterprise-server@3.13/admin/release-notes

docs.github.com/en/enterprise-server@3.12/admin/release-notes

docs.github.com/en/enterprise-server@3.11/admin/release-notes

docs.github.com/en/enterprise-server@3.10/admin/release-notes

cve.org (CVE-2024-8770)

nvd.nist.gov (CVE-2024-8770)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-8770

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.