GitHub Enterprise Server (GHES) product security update advisory

Overview

 

An update has been released to address a vulnerability in GitHub Enterprise Server (GHES) product. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

• GitHub Enterprise Server versions up to and including 3.9.15 (excluded)
• GitHub Enterprise Server versions: 3.9.15 (excluded) to 3.10.12 (excluded)
• GitHub Enterprise Server versions : 3.10.12 (excluded) to 3.11.10 (excluded)
• GitHub Enterprise Server versions : 3.11.10 (excluded) to 3.12.4 (excluded)

 

Resolved Vulnerabilities

 

Authentication bypass vulnerability in GitHub Enterprise Server (CVE-2024-4985) [5]

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability patches version.

 

GitHub Enterprise Server (GHES) versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4

 

Referenced Sites

 

[1] https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15

[2] https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12

[3] https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10

[4] https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4

[5] https://nvd.nist.gov/vuln/detail/CVE-2024-4985