cve-2024-6337
Vulnerability from cvelistv5
Published
2024-08-20 19:19
Modified
2024-08-21 13:43
Severity ?
EPSS score ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.10.0 ≤ 3.10.15 Version: 3.11.0 ≤ 3.11.14 Version: 3.12.0 ≤ 3.12.7 Version: 3.13.0 ≤ 3.13.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-6337", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-21T13:27:35.698833Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-21T13:43:00.222Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "GitHub Enterprise Server", vendor: "GitHub", versions: [ { changes: [ { at: "3.10.16", status: "unaffected", }, ], lessThanOrEqual: "3.10.15", status: "affected", version: "3.10.0", versionType: "semver", }, { changes: [ { at: "3.11.14", status: "unaffected", }, ], lessThanOrEqual: "3.11.14", status: "affected", version: "3.11.0", versionType: "semver", }, { changes: [ { at: "3.12.8", status: "unaffected", }, ], lessThanOrEqual: "3.12.7", status: "affected", version: "3.12.0", versionType: "semver", }, { changes: [ { at: "3.13.3", status: "unaffected", }, ], lessThanOrEqual: "3.13.2", status: "affected", version: "3.13.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "VAIBHAV SINGH (@vaib25vicky)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: transparent;\">An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only <b>content: read</b> and <b>pull_request_write: write</b> permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.</span></p>", }, ], value: "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.", }, ], impacts: [ { capecId: "CAPEC-114", descriptions: [ { lang: "en", value: "CAPEC-114 Authentication Abuse", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NEGLIGIBLE", attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 5.9, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "LOW", subIntegrityImpact: "NONE", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T19:19:49.193Z", orgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", shortName: "GitHub_P", }, references: [ { url: "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16", }, { url: "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14", }, { url: "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8", }, { url: "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3", }, ], source: { discovery: "UNKNOWN", }, title: "Incorrect Authorization allows read access to issues in GitHub Enterprise Server", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", assignerShortName: "GitHub_P", cveId: "CVE-2024-6337", datePublished: "2024-08-20T19:19:49.193Z", dateReserved: "2024-06-25T21:20:27.045Z", dateUpdated: "2024-08-21T13:43:00.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-6337\",\"sourceIdentifier\":\"product-cna@github.com\",\"published\":\"2024-08-20T20:15:09.033\",\"lastModified\":\"2024-09-27T17:48:00.977\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.\"},{\"lang\":\"es\",\"value\":\"Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitía una aplicación GitHub con solo contenido: lectura y pull_request_write: permisos de escritura para leer el contenido del problema dentro de un repositorio privado. Esto solo se podía explotar mediante el token de acceso del usuario y el token de acceso a la instalación no se vio afectado. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucionó en las versiones 3.13.3, 3.12.8, 3.11.14 y 3.10.16. Esta vulnerabilidad se informó a través del programa GitHub Bug Bounty.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"LOW\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NEGLIGIBLE\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.10.0\",\"versionEndExcluding\":\"3.10.16\",\"matchCriteriaId\":\"827A09EB-C889-49E4-982D-01B416DEA6C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.11.0\",\"versionEndExcluding\":\"3.11.14\",\"matchCriteriaId\":\"6ECADA51-1495-4D35-B7C0-6ADED7EDD26D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.0\",\"versionEndExcluding\":\"3.12.8\",\"matchCriteriaId\":\"2C305C7E-C6A2-42F2-A910-203B74C71128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.13.0\",\"versionEndExcluding\":\"3.13.3\",\"matchCriteriaId\":\"3A51D9A9-389E-469F-B17C-F5B7CCEEC498\"}]}]}],\"references\":[{\"url\":\"https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3\",\"source\":\"product-cna@github.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6337\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-21T13:27:35.698833Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-21T13:42:55.052Z\"}}], \"cna\": {\"title\": \"Incorrect Authorization allows read access to issues in GitHub Enterprise Server\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"VAIBHAV SINGH (@vaib25vicky)\"}], \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GitHub\", \"product\": \"GitHub Enterprise Server\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"3.10.16\", \"status\": \"unaffected\"}], \"version\": \"3.10.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.10.15\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.11.14\", \"status\": \"unaffected\"}], \"version\": \"3.11.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.11.14\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.12.8\", \"status\": \"unaffected\"}], \"version\": \"3.12.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.12.7\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.13.3\", \"status\": \"unaffected\"}], \"version\": \"3.13.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.13.2\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8\"}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<p><span style=\\\"background-color: transparent;\\\">An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only <b>content: read</b> and <b>pull_request_write: write</b> permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.</span></p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"shortName\": \"GitHub_P\", \"dateUpdated\": \"2024-08-20T19:19:49.193Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-6337\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-21T13:43:00.222Z\", \"dateReserved\": \"2024-06-25T21:20:27.045Z\", \"assignerOrgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"datePublished\": \"2024-08-20T19:19:49.193Z\", \"assignerShortName\": \"GitHub_P\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.