CVE-2024-5746

7.6 HIGH

📋 TL;DR

A Server-Side Request Forgery vulnerability in GitHub Enterprise Server allows authenticated site administrators to execute arbitrary code on the server instance. This affects all GitHub Enterprise Server versions prior to 3.13, putting organizations using vulnerable versions at risk of complete system compromise.

💻 Affected Systems

Products:
  • GitHub Enterprise Server
Versions: All versions prior to 3.13
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access with Site Administrator role privileges

📦 What is this software?

GitHub Enterprise Server is the self-hosted edition of GitHub, shipped as a virtual appliance that organizations run in their own data centers or cloud accounts to host source code repositories and the development workflows around them. Because it holds an organization's source code and credentials, its Site Administrator role is among the most privileged accounts in the environment.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the GitHub Enterprise Server instance, allowing attackers to steal source code, modify repositories, access sensitive data, and pivot to internal networks.

🟠 Likely Case

Unauthorized code execution leading to data exfiltration, repository manipulation, and potential lateral movement within the organization's infrastructure.

🟢 If Mitigated

Limited impact due to strict access controls and monitoring, but still represents a significant security risk requiring immediate remediation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access with Site Administrator privileges, which reduces the attack surface but raises the impact of a compromised administrator account.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.12.5, 3.11.11, 3.10.13, or 3.9.16

Vendor Advisory: https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.5

Restart Required: Yes

Instructions:

1. Back up your GitHub Enterprise Server instance.
2. Download the appropriate patched version from GitHub Enterprise Server releases.
3. Follow the upgrade instructions for your specific version.
4. Restart the server after the upgrade completes.

🔧 Temporary Workarounds

Restrict Site Administrator Access

Platforms: all

Limit the number of users with the Site Administrator role to only essential personnel.

Implement Network Segmentation

Platforms: all

Restrict GitHub Enterprise Server's outbound network access to prevent SSRF exploitation.

🧯 If You Can't Patch

  • Immediately audit and reduce Site Administrator accounts to absolute minimum
  • Implement strict monitoring and alerting for Site Administrator account activities

🔍 How to Verify

Check if Vulnerable:

Check your GitHub Enterprise Server version via the Management Console, or SSH into the instance and run 'ghe-version'.

Check Version:

ssh admin@your-ghe-instance 'ghe-version'

Verify Fix Applied:

Verify that the version reported by the 'ghe-version' command is 3.12.5, 3.11.11, 3.10.13, 3.9.16 or later on its respective release line.
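Comparing a version string against four separate fixed releases by eye is error-prone (3.12.4 is newer than 3.9.16 but still vulnerable), so here is an added helper, not part of this advisory or of GitHub's tooling, that takes the text printed by 'ghe-version' and classifies the instance. It assumes only that the command output contains the version as a dotted X.Y.Z triple; the fixed releases and the "prior to 3.13" scope come from the advisory above, and release lines older than 3.9, for which no fixed release is listed, are treated as vulnerable.

```python
import re
import subprocess
import sys

# Fixed releases per supported release line, taken from the advisory above.
FIXED_VERSIONS = {
    (3, 9): (3, 9, 16),
    (3, 10): (3, 10, 13),
    (3, 11): (3, 11, 11),
    (3, 12): (3, 12, 5),
}
# All versions prior to 3.13 are affected; 3.13 and later are not.
FIRST_UNAFFECTED_LINE = (3, 13)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_ghe_version(output: str) -> tuple:
    """Extract X.Y.Z from the text printed by `ghe-version`.

    Assumption: the version appears somewhere in the output as a dotted
    triple; the surrounding wording is not relied upon.
    """
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError(f"no version found in ghe-version output: {output!r}")
    return tuple(int(x) for x in m.groups())


def assess(version: tuple) -> str:
    """Return 'fixed', 'vulnerable' or 'unaffected' for a GHES version."""
    line = version[:2]
    if line >= FIRST_UNAFFECTED_LINE:
        return "unaffected"
    fixed = FIXED_VERSIONS.get(line)
    if fixed is None:
        # Release line older than 3.9: no fixed release published for it.
        return "vulnerable"
    return "fixed" if version >= fixed else "vulnerable"


def assess_output(output: str) -> str:
    """Convenience wrapper: classify raw `ghe-version` output."""
    return assess(parse_ghe_version(output))


if __name__ == "__main__":
    # Usage: python check_ghes.py admin@your-ghe-instance
    #    or: ssh admin@your-ghe-instance ghe-version | python check_ghes.py
    if len(sys.argv) > 1:
        out = subprocess.run(
            ["ssh", sys.argv[1], "ghe-version"],
            capture_output=True, text=True, check=True,
        ).stdout
    else:
        out = sys.stdin.read()
    v = parse_ghe_version(out)
    print(f"{'.'.join(map(str, v))}: {assess(v)}")
```

The per-line lookup is the point: a tuple comparison against the single highest fixed release would wrongly mark 3.11.11 as vulnerable and 3.12.0 as fixed.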

📡 Detection & Monitoring

Log Indicators:

  • Unusual SSRF patterns in application logs
  • Suspicious administrator account activities
  • Unexpected outbound network connections from GitHub server

Network Indicators:

  • Unusual outbound HTTP/HTTPS requests from GitHub server to internal systems
  • SSH connections from GitHub server to unexpected destinations

SIEM Query:

source="github-enterprise" AND (event_type="admin_activity" OR event_type="ssrf_attempt")
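The network indicators above amount to one rule: the appliance should only ever talk to a known set of destinations, and anything else, especially internal hosts or link-local addresses, deserves an alert. The following is an added illustration, not part of this advisory and not a GitHub log format, of that rule applied to outbound-connection records. The key=value record layout, the appliance address 10.0.0.5 and the allowlist (an SMTP relay and one external endpoint in the 203.0.113.0/24 documentation range) are all constructed assumptions; substitute your firewall or flow-collector format and your own egress baseline.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of outbound-connection records as a firewall or flow
# collector might emit them (hypothetical format, not a GHES log).
SAMPLE_LOG = """\
2024-06-01T12:00:01Z src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp
2024-06-01T12:00:02Z src=10.0.0.5 dst=10.0.0.20 dport=25 proto=tcp
2024-06-01T12:00:03Z src=10.0.0.5 dst=10.0.3.7 dport=443 proto=tcp
2024-06-01T12:00:04Z src=10.0.0.5 dst=169.254.169.254 dport=80 proto=tcp
2024-06-01T12:00:05Z src=10.0.0.5 dst=10.0.3.8 dport=22 proto=tcp
2024-06-01T12:00:06Z src=10.0.0.9 dst=10.0.3.8 dport=22 proto=tcp
"""

# Constructed: the GHES appliance's own address and its expected egress.
GHES_HOST = ipaddress.ip_address("10.0.0.5")
ALLOWED_DESTINATIONS = {
    (ipaddress.ip_address("10.0.0.20"), 25),     # organisation's SMTP relay
    (ipaddress.ip_address("203.0.113.10"), 443), # an approved external service
}

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Finding:
    timestamp: str
    dst: str
    dport: int
    reason: str


def parse_record(line: str):
    """Split a record into (timestamp, {key: value}); timestamp is field one."""
    return line.split()[0], dict(KV_RE.findall(line))


def find_unexpected_egress(log_text: str) -> list:
    """Flag connections from the appliance to anything not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, f = parse_record(line)
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        dport = int(f["dport"])
        if src != GHES_HOST:
            continue  # only the appliance's own outbound traffic is in scope
        if (dst, dport) in ALLOWED_DESTINATIONS:
            continue
        # Link-local must be tested before private: ipaddress counts
        # 169.254.0.0/16 as private as well.
        if dst.is_link_local:
            reason = "link-local destination (cloud metadata endpoints live here)"
        elif dst.is_private:
            reason = "internal destination not on egress allowlist"
        else:
            reason = "external destination not on egress allowlist"
        findings.append(Finding(ts, str(dst), dport, reason))
    return findings


if __name__ == "__main__":
    for fnd in find_unexpected_egress(SAMPLE_LOG):
        print(f"{fnd.timestamp} {fnd.dst}:{fnd.dport} {fnd.reason}")
```

Run against the sample, it reports the three connections to 10.0.3.7, 169.254.169.254 and 10.0.3.8 and ignores both allowlisted destinations and the record from a different source host. In production the same logic belongs in the SIEM as a correlation on source address, with the allowlist maintained as a lookup table rather than hard-coded.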
