cve/2024/CVE-2024-5566.md

### [CVE-2024-5566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5566)
![](https://img.shields.io/static/v1?label=Product&message=GitHub%20Enterprise%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.10.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.11.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.12.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.13%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brightgreen)

### Description

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-5566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5566)`
			`![](https://img.shields.io/static/v1?label=Product&message=GitHub%20Enterprise%20Server&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.10.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.11.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.12.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.13%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.9.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brightgreen)`

			`### Description`

			`An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`