CVE-2024-6395 Vulnerability Details

  /     /     /  

CVE-2024-6395 Metadata Quick Info

CVE Published: 16/07/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: GitHub_P | Vendor: GitHub | Product: GitHub Enterprise Server
Status : PUBLISHED

---

CVE-2024-6395 Description

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Source: GitHub

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-261
CAPEC Description: CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data


Source: NVD (National Vulnerability Database).