CVE-2024-1908

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Mar 21, 2024

CWE ID 269

Summary

CVE-2024-1908 is an Improper Privilege Management vulnerability discovered in GitHub Enterprise Server. It enables attackers to access private repository data using the Enterprise Actions GitHub Connect download token, if an account on the server instance has non-default settings for GitHub Connect. Affecting all versions before 3.12, this issue was resolved in 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via GitHub's Bug Bounty program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uqigiX
https://www.cve.org/CVERecord?id=CVE-2024-1908
https://nvd.nist.gov/vuln/detail/CVE-2024-1908

Back to Vulnerability Database

CVE-2024-1908

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations