CVE-2024-2748

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

A

Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

References

Link	Resource
https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1	Release Notes
https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:github:enterprise_server:3.12.0:*:*:*:*:*:*:*

History

02 Sep 2025, 14:07

Type	Values Removed	Values Added
First Time		Github Github enterprise Server
CPE		cpe:2.3:a:github:enterprise_server:3.12.0:::::::*
References	~~() https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1 -~~	() https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1 - Release Notes

21 Nov 2024, 09:10

Type	Values Removed	Values Added
References	~~() https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1 -~~	() https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1 -

Information

Published : 2024-03-21 00:15

Updated : 2025-09-02 14:07

NVD link : CVE-2024-2748

Mitre link : CVE-2024-2748

CVE.ORG link : CVE-2024-2748

JSON object : View

Products Affected

enterprise_server

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2024-2748", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-03-21T00:15:09.710", "references": [{"url": "https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes/#3.12.1", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.\u00a0\n"}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de Cross Site Request Forgery en GitHub Enterprise Server que permiti\u00f3 a un atacante ejecutar acciones no autorizadas en nombre de un usuario desprevenido. Un factor atenuante es que se requiere la interacci\u00f3n del usuario. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server 3.12.0 y se solucion\u00f3 en las versiones 3.12.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty. "}], "lastModified": "2025-09-02T14:07:47.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:3.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F223B5B-5A33-4ADD-8AE0-258D208757C2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}