{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T17:52:43.253","vulnerabilities":[{"cve":{"id":"CVE-2024-7711","sourceIdentifier":"product-cna@github.com","published":"2024-08-20T20:15:10.173","lastModified":"2024-09-27T18:17:05.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program."},{"lang":"es","value":"Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server, lo que permite a un atacante actualizar el título, los asignatarios y las etiquetas de cualquier problema dentro de un repositorio público. Esto sólo era explotable dentro de un repositorio público. Esta vulnerabilidad afectó a las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucionó en las versiones 3.13.3, 3.12.8 y 3.11.14. Las versiones 3.10 de GitHub Enterprise Server no se ven afectadas. Esta vulnerabilidad se informó a través del programa GitHub Bug Bounty."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.0","versionEndExcluding":"3.11.14","matchCriteriaId":"6ECADA51-1495-4D35-B7C0-6ADED7EDD26D"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.0","versionEndExcluding":"3.12.8","matchCriteriaId":"2C305C7E-C6A2-42F2-A910-203B74C71128"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"3.13.3","matchCriteriaId":"3A51D9A9-389E-469F-B17C-F5B7CCEEC498"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3","source":"product-cna@github.com","tags":["Release Notes","Vendor Advisory"]}]}}]}