CVSS 3.1 Score 6.5 of 10 (medium)


Published Feb 13, 2024


CVE-2024-1084 is a Cross-site Scripting (XSS) vulnerability in the tag name pattern field of the tag protections UI in GitHub Enterprise Server. It allows a malicious website to make changes to a user account by bypassing Content Security Policy (CSP) with created Cross-Site Request Forgery (CSRF) tokens. All versions of GitHub Enterprise Server prior to 3.12 are affected; the issue is fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. Exploitation requires user interaction and social engineering on the part of the attacker, and the vulnerability poses a medium risk to organizations that use GitHub Enterprise Server.
