How severe is CVE-2024-3646?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-3646?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-3646 - HIGH Severity | CVSS 8

Vulnerability Description

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2016-1661

HIGH

CVSS:8.0(High)

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers ...

CWE-202016

CVE-2017-14320

HIGH

CVSS:8.0(High)

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

CWE-202017

CVE-2017-6662

HIGH

CVSS:8.0(High)

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access t...

CWE-202017

CVE-2017-7466

HIGH

CVSS:8.0(High)

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the abili...

CWE-202017

CVE-2018-11294

HIGH

CVSS:8.0(High)

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. Whil...

CWE-202018

CVE-2018-5199

HIGH

CVSS:8.0(High)

In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to exe...

CWE-202018