
CVE-2024-8810

Medium Severity
SVRS
30/100

CVSSv3
NA/10

EPSS
0.00083/1

CVE-2024-8810 is a GitHub Enterprise Server vulnerability where a maliciously crafted GitHub App, when installed by an administrator, could unexpectedly escalate its permissions from read to write without explicit organization administrator approval. The vulnerability affected versions prior to 3.14 and was resolved in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. Despite the CVSS score of 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate level of risk based on threat intelligence analysis.

This privilege escalation vulnerability allows a bad actor to gain unauthorized write access to an organization's resources. Although exploiting this requires an administrator to install the malicious app, the potential impact on data security and system integrity is significant. Organizations using GitHub Enterprise Server should prioritize patching to the fixed versions to mitigate this risk. The vulnerability was responsibly disclosed through the GitHub Bug Bounty program, highlighting the importance of vulnerability reporting and proactive security measures.

In The Wild
2024-11-07

2024-11-08

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-8810 | GitHub Enterprise Server up to 3.10.16/3.11.14/3.12.8/3.13.3/3.14.0 privileges management
Source: vuldb.com, 2024-11-09

A vulnerability classified as critical was found in GitHub Enterprise Server up to 3.10.16/3.11.14/3.12.8/3.13.3/3.14.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-8810. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Social Media

[CVE-2024-8810: HIGH] Vulnerability in GitHub Enterprise Server allowed unauthorized permissions upgrade. Fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. Reported through the Bug Bounty program. #cybersecurity #vulnerability https://t.co/aECPC7Y1O1 https://t.co/TbgmfXbK7p

Affected Software

No affected software found for this CVE

References

GitHub Enterprise Server 3.10.17 release notes: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17
GitHub Enterprise Server 3.11.15 release notes: https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15
GitHub Enterprise Server 3.12.9 release notes: https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9
GitHub Enterprise Server 3.13.4 release notes: https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4
GitHub Enterprise Server 3.14.1 release notes: https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1

CWE Details

CWE ID: CWE-269
CWE Name: Improper Privilege Management
Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
