CVE-2024-2748

Published: Mar 21, 2024Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: CNA (Secondary)

Description

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Affected (1)

Products: Github: Enterprise Server

1 product

Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Github Enterprise Server	Version 3.12.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1

Source: product-cna@github.com

Release Notes

https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.