CVE-2024-0200

CVE information

Published: 2 months ago

Last Modified: 2 months ago

CVSSv3.1 Severity: Critical

Description

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.

CVSSv3.1 Score

Severity: Critical
Base Score: 9.8/10
Exploit Score: 3.9/10
Impact Score: 5.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Products Affected

CPE Affected                                         Vulnerable   From     Excluding
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*   Yes          3.11.0   3.11.3
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*   Yes          3.10.0   3.10.5
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*   Yes          3.9.0    3.9.8
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*   Yes          3.8.0    3.8.13