How severe is CVE-2024-5746?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2024-5746?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-5746 - HIGH Severity | CVSS 7.6

Vulnerability Description

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2020-6275

HIGH

CVSS:7.6(High)

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path n...

CWE-9182020

CVE-2022-0425

HIGH

CVSS:7.6(High)

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.

CWE-9182022

CVE-2022-24789

HIGH

CVSS:7.6(High)

C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arb...

CWE-9182022

CVE-2024-13957

HIGH

CVSS:7.6(High)

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Ser...

CWE-9182024

CVE-2024-9624

HIGH

CVSS:7.6(High)

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. T...

CWE-9182024

CVE-2025-1912

HIGH

CVSS:7.6(High)

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the valida...

CWE-9182025