How severe is CVE-2024-3470?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-3470?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2024-3470 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2017-6507

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have i...

CWE-2692017

CVE-2023-29056

MEDIUM

CVSS:5.9(Medium)

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Auth...

CWE-2692023

CVE-2024-33500

HIGH

CVSS:5.9(Medium)

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Me...

CWE-2692024

CVE-2024-44439

MEDIUM

CVSS:5.9(Medium)

An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.

CWE-2692024

CVE-2025-2324

MEDIUM

CVSS:5.9(Medium)

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023....

CWE-2692025

CVE-2017-5703

MEDIUM

CVSS:6.0(Medium)

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.

CWE-2692017