An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-01-16T18:50:48.931Z
Updated: 2024-06-04T17:58:31.817Z
Reserved: 2024-01-02T19:47:57.924Z
Link: CVE-2024-0200
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-16T19:15:08.667
Modified: 2024-01-23T19:52:46.093
Link: CVE-2024-0200
JSON object: View
Redhat Information
No data.
CWE