QID 379288
Date Published: 2024-01-24
QID 379288: GitHub Enterprise Server Multiple Security Vulnerabilities
GitHub provides hosting for software development version control using Git.
CVE-2024-0200: This vulnerability could lead to the execution of user-controlled methods and remote code execution.
CVE-2024-0507: An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console.
Affected Versions:
3.11 Prior to 3.11.3
3.10 Prior to 3.10.5
3.9 Prior to 3.9.8
3.8 Prior to 3.8.13
QID Detection Logic:
It checks for a vulnerable version of GitHub Enterprise Server.
This vulnerability could lead to remote code execution and privilege escalation.
Solution
Please refer to the GitHub advisories:
- release-notes#3.11.3
- release-notes#3.10.5
- release-notes#3.9.8
- release-notes#3.8.13
Vendor References
- release-notes#3.10.5 - docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5
- release-notes#3.11.3 - docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3
- release-notes#3.8.13 - docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13
- release-notes#3.9.8 - docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8
CVEs related to QID 379288
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Enterprise Server 3.10.5 | | | |
| Enterprise Server 3.11.3 | | | |
| Enterprise Server 3.8.13 | | | |
| Enterprise Server 3.9.8 | | | |