
12 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-58911

Malicious code in bioql PyPI...

3.9 CVSS · 4.4 AI score · 0.00088 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 4:57 a.m. · 7 views

CVE-2023-6690

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...

3.9 CVSS · 6.8 AI score · 0.00088 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 4:57 a.m. · 4 views

CVE-2023-6803

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1...

5.8 CVSS · 6.8 AI score · 0.00095 EPSS
Exploits 0 · References 1
CNNVD
added 2025/03/10 12:00 a.m. · 1 view

Vela Server Security Vulnerability

Vela Server is a Vela open source pipeline automation CI/CD framework built on Linux container technology. A security vulnerability exists in Vela Server versions prior to 0.25.3 and prior to 0.26.3, which stems from a possible repository ownership transfer and secret disclosure via a spoofed...

8.5 CVSS · 6.1 AI score · 0.00079 EPSS
Exploits 0 · References 6
OSV
added 2024/09/23 9:15 p.m. · 1 view

CVE-2024-8770

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 5
Positive Technologies
added 2024/09/23 12:00 a.m. · 2 views

PT-2024-39238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.10.17 GitHub Enterprise Server versions prior to 3.11.15 GitHub Enterprise Server versions prior to 3.12.9 GitHub Enterprise Server versions prior to 3.13.4 GitHub Enterprise Server versions prior ...

6.1 CVSS · 6 AI score · 0.0043 EPSS
Exploits 0 · References 12
OSV
added 2023/12/21 9:15 p.m. · 1 view

CVE-2023-6803

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1...

4 CVSS · 5.8 AI score
Exploits 0 · References 4
CVE
added 2023/12/21 8:45 p.m. · 43 views

CVE-2023-6803

GitHub Enterprise Server contains a race condition vulnerability that can permit an outside collaborator to be added while a repository is being transferred. Affected software: GitHub Enterprise Server (all versions since 3.8). Root cause: race condition during repository transfer. Impact: potent...

5.8 CVSS · 4.4 AI score · 0.00095 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/12/21 8:45 p.m. · 15 views

CVE-2023-6690

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed i...

3.9 CVSS · 4.6 AI score · 0.00088 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/12/21 12:00 a.m. · 3 views

PT-2023-32778 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0 Description: A race condition...

5.8 CVSS · 4.7 AI score · 0.00095 EPSS
Exploits 0 · References 8
Hacker One
added 2023/10/19 2:39 p.m. · 39 views

GitHub: RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention

A race condition was discovered in GitHub Enterprise Server that allowed an administrator to retain access permissions on repositories after transfer. This was possible by manipulating repository permissions through a GraphQL mutation during the transfer process. The vulnerability affected GitHub...

3.9 CVSS · 3.6 AI score · 0.00088 EPSS
Exploits 0
CNVD
added 2020/05/21 12:00 a.m. · 6 views

Gitea Deadlock Vulnerability

Gitea is an open source community-driven clone of Gogs, a lightweight code hosting solution with a backend written in Go under the MIT license. A deadlock vulnerability exists in Gitea 1.11.5 and earlier versions. An attacker can exploit this vulnerability to cause a deadlock by initiating a...

7.5 CVSS · 6.7 AI score · 0.00797 EPSS
Exploits 1 · References 1