How severe is CVE-2024-3684?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2024-3684?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2024-3684 - HIGH Severity | CVSS 8

Vulnerability Description

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2018-13386

HIGH

CVSS:8.1(High)

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree fo...

CWE-882018

CVE-2019-6453

HIGH

CVSS:8.1(High)

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC s...

CWE-882019

CVE-2021-34718

HIGH

CVSS:8.1(High)

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to...

CWE-882021

CVE-2021-41316

HIGH

CVSS:8.1(High)

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argum...

CWE-882021

CVE-2019-12578

HIGH

CVSS:7.8(High)

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvp...

CWE-882019

CVE-2019-5012

HIGH

CVSS:7.8(High)

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and...

CWE-882019