{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:15:52.585","vulnerabilities":[{"cve":{"id":"CVE-2024-9539","sourceIdentifier":"product-cna@github.com","published":"2024-10-11T18:15:08.887","lastModified":"2024-11-15T17:15:06.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program."},{"lang":"es","value":"Se identificó una vulnerabilidad de divulgación de información en GitHub Enterprise Server a través de una URL de un recurso cargado por un atacante, lo que le permite recuperar información de metadatos de un usuario que hace clic en la URL y explotarla para crear una página de phishing convincente. Esto requería que el atacante cargara archivos SVG maliciosos y engañara al usuario víctima para que hiciera clic en la URL del recurso cargado. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se corrigió en las versiones 3.14.2, 3.13.5, 3.12.10 y 3.11.16. Esta vulnerabilidad se informó a través del programa de recompensas por errores de GitHub."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionEndExcluding":"3.11.16","matchCriteriaId":"E624875C-FCF2-4538-8F3E-D64183154275"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.0","versionEndExcluding":"3.12.10","matchCriteriaId":"F70645DE-4DC2-40CB-B425-4E002B302FDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13.0","versionEndExcluding":"3.13.5","matchCriteriaId":"B08CBD2C-6DA7-4C0F-9812-42933F51C003"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.0","versionEndExcluding":"3.14.2","matchCriteriaId":"59E74193-93FE-45FE-8C74-34EC30EEB03C"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2","source":"product-cna@github.com","tags":["Release Notes"]}]}}]}