CVE-2024-1908 Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...

CVE-2024-1482

CVE-2024-1482 describes an incorrect authorization flaw in GitHub Enterprise Server that could let an attacker with access to the server create new branches in public repositories and run arbitrary GitHub Actions workflows using the GITHUB_TOKEN. Affected versions: all after 3.8 and before 3.12. ...

CVE-2024-1372

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVE-2024-1378

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to th...

CVE-2024-1374

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required acce...

CVE-2024-1369

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability...

CVE-2024-1084

Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all...

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to th...

Command injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability...

CVE-2024-1378 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to th...

CVE-2024-1374

CVE-2024-1374 : In GitHub Enterprise Server, a command-injection in the Management Console via nomad templates allowed an attacker with an editor role to escalate to admin SSH access to the appliance (root) when configuring audit log forwarding. Exploitation requires access to the GitHub Enterpri...

CVE-2024-1374 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required acce...

CVE-2024-1372

GitHub Enterprise Server suffers a command injection vulnerability that allows an attacker with the Management Console editor role to obtain admin SSH access during SAML configuration. Affected: all versions prior to 3.12; fixes are available in 3.11.5, 3.10.7, 3.9.10, and 3.8.15. The root cause ...

CVE-2024-1372 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVE-2024-1359

Summary: CVE-2024-1359 is a command injection vulnerability in GitHub Enterprise Server that allowed an attacker with the Management Console’s editor role to escalate to admin/root SSH access when configuring an HTTP proxy. Affected products/versions: all GitHub Enterprise Server versions prior t...

CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

CVE-2024-1355

CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...

CVE-2024-1354

CVE-2024-1354 describes a command-injection vulnerability in GitHub Enterprise Server where an attacker with editor privileges in the Management Console could escalate to admin SSH access via the syslog-ng configuration. The issue requires access to the GitHub Enterprise Server instance and Manag...