CVSS 3.1 Score 5.9 of 10 (medium)


Published Apr 19, 2024
CWE ID 269


CVE-2024-3470 is an Improper Privilege Management vulnerability that affects GitHub Enterprise Server versions 3.11 to 3.12. The vulnerability allows an attacker with a valid deploy key for a repository and repository administrator access to bypass an organization's ruleset. The issue was reported through the GitHub Bug Bounty program and has been fixed in versions 3.11.8 and 3.12.2 of GitHub Enterprise Server. The vulnerability has a base severity rating of MEDIUM, with high privileges required and no user interaction needed. It poses a potential risk to organizations as it can lead to unauthorized access and compromise the integrity of the system.
