CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16	Release Notes
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10	Release Notes
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5	Release Notes
https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::

History

No history.

Information

Published : 2024-10-11 18:15

Updated : 2024-11-15 17:15

NVD link : CVE-2024-9539

Mitre link : CVE-2024-9539

CVE.ORG link : CVE-2024-9539

JSON object : View

Products Affected

github

enterprise_server

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-9539", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "product-cna@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-11T18:15:08.887", "references": [{"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16", "tags": ["Release Notes"], "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10", "tags": ["Release Notes"], "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5", "tags": ["Release Notes"], "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2", "tags": ["Release Notes"], "source": "product-cna@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "product-cna@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en GitHub Enterprise Server a trav\u00e9s de una URL de un recurso cargado por un atacante, lo que le permite recuperar informaci\u00f3n de metadatos de un usuario que hace clic en la URL y explotarla para crear una p\u00e1gina de phishing convincente. Esto requer\u00eda que el atacante cargara archivos SVG maliciosos y enga\u00f1ara al usuario v\u00edctima para que hiciera clic en la URL del recurso cargado. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se corrigi\u00f3 en las versiones 3.14.2, 3.13.5, 3.12.10 y 3.11.16. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub."}], "lastModified": "2024-11-15T17:15:06.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E624875C-FCF2-4538-8F3E-D64183154275", "versionEndExcluding": "3.11.16"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F70645DE-4DC2-40CB-B425-4E002B302FDB", "versionEndExcluding": "3.12.10", "versionStartIncluding": "3.12.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B08CBD2C-6DA7-4C0F-9812-42933F51C003", "versionEndExcluding": "3.13.5", "versionStartIncluding": "3.13.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E74193-93FE-45FE-8C74-34EC30EEB03C", "versionEndExcluding": "3.14.2", "versionStartIncluding": "3.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-cna@github.com"}