CVE-2024-10824 - GitHub Enterprise Server Unauthorized Access to Secret Scanning Alert Data Bypass

CVE ID: CVE-2024-10824
Published: Nov. 7, 2024, 10:15 p.m.
Description: An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2.
Severity: 0.0 | NA