November 11, 2024
Severity
Medium
Analysis Summary
CVE-2024-10824 CVSS:6.5
GitHub Enterprise Server could allow a remote authenticated attacker to obtain sensitive information, caused by an authorization bypass vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to access sensitive secret scanning alert data intended only for business owners.
CVE-2024-10007 CVSS:6.4
GitHub Enterprise Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by a path collision and arbitrary code execution vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Information Disclosure
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-10824
- CVE-2024-10007
Affected Vendors
Affected Products
- GitHub Enterprise Server - 3.13.1
- GitHub Enterprise Server - 3.11.16
- GitLab Enterprise Server - 3.12.10
- GitLab Enterprise Server - 3.13.5
- GitLab Enterprise Server - 3.14.2
Remediation
Refer to the GitHub website for patch, upgrade, or suggested workaround information.