{"vulnerability": "cve-2024-1082", "sightings": [{"uuid": "1f469a64-de7f-49e1-b881-41f3c521a39b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://vulnerability.circl.lu/comment/c1a30f74-0435-4ac7-a977-50ef00fdffe0", "content": "", "creation_timestamp": "2024-11-06T09:47:00.820445Z"}, {"uuid": "bb5880bf-799c-4c92-8d45-04e226aaf9cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://vulnerability.circl.lu/comment/65dab379-0829-483c-b7ec-7176fcaec354", "content": "", "creation_timestamp": "2024-11-06T09:34:53.961210Z"}, {"uuid": "06c6631c-d34b-4535-97b5-34c0df92e593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1082", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15811", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1082\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an\u00a0attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. 
This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udccf Published: 2024-02-13T18:47:10.591Z\n\ud83d\udccf Modified: 2025-05-09T18:16:58.580Z\n\ud83d\udd17 References:\n1. https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15\n2. https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10\n3. https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7\n4. https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5", "creation_timestamp": "2025-05-09T18:26:25.000000Z"}, {"uuid": "f505dfe9-0c33-4b8a-abae-6182acceb7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10828", "type": "seen", "source": "https://t.me/cvedetector/10792", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10828 - WooCommerce Advanced Order Export PHP Object Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10828 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the \"Try to convert serialized values\" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). 
\nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:47:58.000000Z"}, {"uuid": "6b2cd966-da83-4bc5-9160-2363231f3bbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10824", "type": "seen", "source": "https://t.me/cvedetector/10140", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10824 - GitHub Enterprise Server Unauthorized Access to Secret Scanning Alert Data Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10824 \nPublished : Nov. 7, 2024, 10:15 p.m. | 22\u00a0minutes ago \nDescription : An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T23:37:55.000000Z"}, {"uuid": "b59a22f0-02bf-4150-bc90-d0b95483ba65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1082", "type": "seen", "source": "https://t.me/ctinow/201038", "content": "https://ift.tt/7evX8am\nCVE-2024-1082 | GitHub Enterprise Server up to 3.8.14/3.9.9/3.10.6/3.11.4/3.11 Symlink path traversal", "creation_timestamp": "2024-03-06T06:36:27.000000Z"}, {"uuid": "24336960-b51d-4a3d-9d05-12d2d850028f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113433789954455919", "content": "", "creation_timestamp": "2024-11-06T03:04:33.840394Z"}, {"uuid": "4c8da806-ae44-4838-9c42-aa858fa5ab2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113433843065977701", "content": "", "creation_timestamp": "2024-11-06T03:18:04.329561Z"}, {"uuid": "107d16c4-197e-40a5-9b3f-a6a8c794c354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10825", "type": "seen", "source": "https://t.me/cvedetector/11047", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10825 - Hide My WP Ghost WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10825 \nPublished : Nov. 15, 2024, 7:15 a.m. 
| 45\u00a0minutes ago \nDescription : The Hide My WP Ghost \u2013 Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T09:23:48.000000Z"}, {"uuid": "cdddc8b5-b64b-46d7-8dde-25f04cc82c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1082", "type": "seen", "source": "https://t.me/ctinow/184134", "content": "https://ift.tt/5eGhQ8w\nCVE-2024-1082", "creation_timestamp": "2024-02-13T20:22:08.000000Z"}, {"uuid": "41f73430-ca06-4c4a-b5a5-791ceef391c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10820", "type": "seen", "source": "https://t.me/cvedetector/10795", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10820 - \"WooCommerce Upload Files Remote Code Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10820 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. 
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:48:01.000000Z"}, {"uuid": "91374a3b-d07e-4f7a-8aa0-6a9b4a69c385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113436903167255240", "content": "", "creation_timestamp": "2024-11-06T16:16:20.151968Z"}, {"uuid": "f850b3c7-e969-409f-850a-1d683d9f1150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113436903181932533", "content": "", "creation_timestamp": "2024-11-06T16:16:20.283725Z"}, {"uuid": "4ab18412-47ed-4b3f-a8d9-b2897125b443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10824", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113443779202942423", "content": "", "creation_timestamp": "2024-11-07T21:24:57.979987Z"}, {"uuid": "1509d507-c46d-4232-a9be-e5ad10f7d9e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113443858920522560", "content": "", "creation_timestamp": "2024-11-07T21:45:14.339032Z"}, {"uuid": "423bd06b-0d1b-445c-b385-db5662e5a10c", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113443858920522560", "content": "", "creation_timestamp": "2024-11-07T21:45:14.371388Z"}, {"uuid": "23deb98b-b6a3-4e28-a0e8-afb2c94ce712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10826", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}, {"uuid": "f3315975-d411-48e4-bbcd-fbdcae895915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10827", "type": "seen", "source": "https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review", "content": "", "creation_timestamp": "2024-11-12T18:26:35.000000Z"}, {"uuid": "16293160-d83e-4a66-aded-2784ea1d4514", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10825", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485643510251007", "content": "", "creation_timestamp": "2024-11-15T06:51:36.825235Z"}]}