VDB
CVE-2024-7711
CVE-2024-7711
PUBLISHED
Es besteht eine Schwachstelle in Microsoft GitHub Enterprise aufgrund einer falschen Konfiguration der Autorisierung. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um den Titel, die Beauftragten und die Beschriftungen eines beliebigen Eintrags in einem öffentlichen Repository zu ändern.
EPSS 0.28% · 51.3th percentile
Risk Scores
EPSS Score
0.28%
51.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft GitHub Enterprise <3.13.3 | |
| Microsoft | Microsoft GitHub Enterprise <3.11.14 | |
| Microsoft | Microsoft GitHub Enterprise <3.10.16 | |
| Microsoft | Microsoft GitHub Enterprise <3.12.8 |
Timeline
- Aug 20, 2024 CVE Published
- Aug 20, 2024 PoC Published
- Aug 21, 2024 EPSS Score
- Aug 23, 2024 PoC Published
- Aug 26, 2024 PoC Published
- Sep 11, 2024 EPSS Score
- Oct 1, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 11, 2024 EPSS Score
- Dec 3, 2024 EPSS Score
- Dec 23, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1890.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1890 advisory
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 advisory
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 advisory
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 advisory
- https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 advisory