CVE-2024-2440

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2025-21431

MEDIUM
CVSS:5.5(Medium)

Information disclosure may be there when a guest VM is connected.

CWE-3672025

CVE-2025-46805

MEDIUM
CVSS:5.5(Medium)

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.

CWE-3672025

CVE-2023-4155

MEDIUM
CVSS:5.6(Medium)

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability a...

CWE-3672023

CVE-2017-11830

MEDIUM
CVSS:5.3(Medium)

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security fe...

CWE-3672017

CVE-2020-8867

MEDIUM
CVSS:5.3(Medium)

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit t...

CWE-3672020