CVE-2024-0507: 
GitHub Enterprise Server vulnerability analysis and mitigation

A command injection vulnerability was discovered in GitHub Enterprise Server's Management Console that could allow privilege escalation. The vulnerability (CVE-2024-0507) affects users with editor role access to the Management Console, who could exploit this vulnerability to escalate their privileges. The issue was identified and reported through GitHub's Bug Bounty program and was fixed in GitHub Enterprise Server versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 (NVD).

The vulnerability is classified as a command injection vulnerability (CWE-77) and has been assigned a CVSS v3.1 base score of 8.8 HIGH by NIST, with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. GitHub's own assessment rated it as MEDIUM severity with a CVSS score of 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) (NVD).

The vulnerability allows an attacker with Management Console editor role access to escalate their privileges through command injection, potentially gaining higher levels of access to the GitHub Enterprise Server instance (NVD).

GitHub has released fixes for this vulnerability in multiple versions of GitHub Enterprise Server: 3.11.3, 3.10.5, 3.9.8, and 3.8.13. Users are advised to upgrade to these patched versions to mitigate the vulnerability (NVD).