CVE-2024-1374

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Feb 13, 2024

Updated: Mar 6, 2024

CWE ID 77

CWE ID 20

Summary

CVE-2024-1374: A command injection vulnerability was discovered in GitHub Enterprise Server, allowing an editor user in the Management Console to gain admin SSH access by manipulating nomad templates during audit log forwarding configuration. This vulnerability required access to the GitHub Enterprise Server instance and the Management Console with editor privileges. It affected all versions of GitHub Enterprise Server below 3.12, with patches released for versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. The issue was reported through the GitHub Bug Bounty program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uc4dQv
https://www.cve.org/CVERecord?id=CVE-2024-1374
https://nvd.nist.gov/vuln/detail/CVE-2024-1374

Back to Vulnerability Database

CVE-2024-1374

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations