nvd-json-data-feeds/CVE-2024/CVE-2024-02xx/CVE-2024-0200.json

{
  "id": "CVE-2024-0200",
  "sourceIdentifier": "product-cna@github.com",
  "published": "2024-01-16T19:15:08.667",
  "lastModified": "2024-01-23T19:52:46.093",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
    },
    {
      "lang": "es",
      "value": "Se identific\u00f3 una vulnerabilidad de reflexi\u00f3n insegura en GitHub Enterprise Server que podr\u00eda provocar una inyecci\u00f3n de reflexi\u00f3n. Esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n de m\u00e9todos controlados por el usuario y a la ejecuci\u00f3n remota de c\u00f3digo. Para aprovechar este error, un actor deber\u00eda iniciar sesi\u00f3n en una cuenta en la instancia de GHES con el rol de propietario de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.8.13, 3.9.8, 3.10.5 y 3.11.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "product-cna@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.3
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-470"
        }
      ]
    },
    {
      "source": "product-cna@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-470"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.8.0",
              "versionEndExcluding": "3.8.13",
              "matchCriteriaId": "253739D1-3AED-408C-97C9-279159F8AE96"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.9.0",
              "versionEndExcluding": "3.9.8",
              "matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.10.0",
              "versionEndExcluding": "3.10.5",
              "matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.11.0",
              "versionEndExcluding": "3.11.3",
              "matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5",
      "source": "product-cna@github.com",
      "tags": [
        "Release Notes"
      ]
    },
    {
      "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3",
      "source": "product-cna@github.com",
      "tags": [
        "Release Notes"
      ]
    },
    {
      "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13",
      "source": "product-cna@github.com",
      "tags": [
        "Release Notes"
      ]
    },
    {
      "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8",
      "source": "product-cna@github.com",
      "tags": [
        "Release Notes"
      ]
    }
  ]
}