mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
137 lines
6.0 KiB
JSON
137 lines
6.0 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-0200",
|
|
"ASSIGNER": "product-cna@github.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
|
|
"cweId": "CWE-470"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "GitHub",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Enterprise Server",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"lessThan": "3.8.13",
|
|
"status": "affected",
|
|
"version": "3.8.0",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"lessThan": "3.9.8",
|
|
"status": "affected",
|
|
"version": "3.9.0",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"lessThan": "3.10.5",
|
|
"status": "affected",
|
|
"version": "3.10.0",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"lessThan": "3.11.3",
|
|
"status": "affected",
|
|
"version": "3.11.0",
|
|
"versionType": "semver"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
|
|
},
|
|
{
|
|
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
|
|
},
|
|
{
|
|
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
|
|
},
|
|
{
|
|
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Ngo Wei Lin of STAR Labs"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 7.2,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |