CVE-2024-2748

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Mar 21, 2024

CWE ID 259

Summary

CVE-2024-2748 is a Cross-Site Request Forgery (CSRF) vulnerability affecting GitHub Enterprise Server. An attacker could exploit this issue to execute unauthorized actions on behalf of an unsuspecting user. However, it's important to note that user interaction is necessary for the exploit to succeed. This vulnerability was discovered in version 3.12.0 and was remedied in subsequent updates, specifically 3.12.1. The flaw was reported through GitHub's Bug Bounty program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uqCp7z
https://www.cve.org/CVERecord?id=CVE-2024-2748
https://nvd.nist.gov/vuln/detail/CVE-2024-2748

Back to Vulnerability Database

CVE-2024-2748

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations