{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T15:33:33.773","vulnerabilities":[{"cve":{"id":"CVE-2024-10007","sourceIdentifier":"product-cna@github.com","published":"2024-11-07T21:15:06.193","lastModified":"2025-08-27T16:32:40.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program."},{"lang":"es","value":"Se identificó una vulnerabilidad de colisión de rutas y ejecución de código arbitrario en GitHub Enterprise Server que permitía que el escape de contenedores escalara a la raíz a través de la ruta ghe-firejail. La explotación de esta vulnerabilidad requiere acceso de administrador de la empresa a la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise anteriores a la 3.15 y se corrigió en las versiones 3.14.3, 3.13.6, 3.12.11 y 3.11.17. Esta vulnerabilidad se informó a través del programa de recompensas por errores de GitHub."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionEndExcluding":"3.11.17","matchCriteriaId":"8CD9D8C6-6C62-4503-BB45-C242D4D729D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.0","versionEndExcluding":"3.12.11","matchCriteriaId":"3E508CA3-5608-4307-8E74-370F0BE48E1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"3.13.6","matchCriteriaId":"9F52DA5B-37F6-4871-A192-04EA93ACB416"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.0","versionEndExcluding":"3.14.3","matchCriteriaId":"89D867C0-CBFE-4EB0-8E28-AE9230BAB742"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3","source":"product-cna@github.com","tags":["Release Notes"]}]}}]}