Vulnerability Details CVE-2024-5566
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.0%
CVSS Severity
CVSS v3 Score 5.8
References
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6
- https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6
- https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17
Products affected by CVE-2024-5566
-
cpe:2.3:a:github:enterprise_server:3.10.0
-
cpe:2.3:a:github:enterprise_server:3.10.1
-
cpe:2.3:a:github:enterprise_server:3.10.10
-
cpe:2.3:a:github:enterprise_server:3.10.11
-
cpe:2.3:a:github:enterprise_server:3.10.12
-
cpe:2.3:a:github:enterprise_server:3.10.13
-
cpe:2.3:a:github:enterprise_server:3.10.2
-
cpe:2.3:a:github:enterprise_server:3.10.3
-
cpe:2.3:a:github:enterprise_server:3.10.4
-
cpe:2.3:a:github:enterprise_server:3.10.5
-
cpe:2.3:a:github:enterprise_server:3.10.6
-
cpe:2.3:a:github:enterprise_server:3.10.7
-
cpe:2.3:a:github:enterprise_server:3.10.8
-
cpe:2.3:a:github:enterprise_server:3.10.9
-
cpe:2.3:a:github:enterprise_server:3.11.0
-
cpe:2.3:a:github:enterprise_server:3.11.1
-
cpe:2.3:a:github:enterprise_server:3.11.10
-
cpe:2.3:a:github:enterprise_server:3.11.11
-
cpe:2.3:a:github:enterprise_server:3.11.2
-
cpe:2.3:a:github:enterprise_server:3.11.3
-
cpe:2.3:a:github:enterprise_server:3.11.4
-
cpe:2.3:a:github:enterprise_server:3.11.5
-
cpe:2.3:a:github:enterprise_server:3.11.6
-
cpe:2.3:a:github:enterprise_server:3.11.7
-
cpe:2.3:a:github:enterprise_server:3.11.8
-
cpe:2.3:a:github:enterprise_server:3.11.9
-
cpe:2.3:a:github:enterprise_server:3.12.0
-
cpe:2.3:a:github:enterprise_server:3.12.1
-
cpe:2.3:a:github:enterprise_server:3.12.2
-
cpe:2.3:a:github:enterprise_server:3.12.3
-
cpe:2.3:a:github:enterprise_server:3.12.4
-
cpe:2.3:a:github:enterprise_server:3.12.5
-
cpe:2.3:a:github:enterprise_server:3.13.0
-
cpe:2.3:a:github:enterprise_server:3.9.0
-
cpe:2.3:a:github:enterprise_server:3.9.1
-
cpe:2.3:a:github:enterprise_server:3.9.10
-
cpe:2.3:a:github:enterprise_server:3.9.11
-
cpe:2.3:a:github:enterprise_server:3.9.12
-
cpe:2.3:a:github:enterprise_server:3.9.13
-
cpe:2.3:a:github:enterprise_server:3.9.14
-
cpe:2.3:a:github:enterprise_server:3.9.15
-
cpe:2.3:a:github:enterprise_server:3.9.16
-
cpe:2.3:a:github:enterprise_server:3.9.2
-
cpe:2.3:a:github:enterprise_server:3.9.3
-
cpe:2.3:a:github:enterprise_server:3.9.4
-
cpe:2.3:a:github:enterprise_server:3.9.5
-
cpe:2.3:a:github:enterprise_server:3.9.6
-
cpe:2.3:a:github:enterprise_server:3.9.7
-
cpe:2.3:a:github:enterprise_server:3.9.8
-
cpe:2.3:a:github:enterprise_server:3.9.9