CVE-2024-9539

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to uplo...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

CVE-2024-8770

A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

CVE-2024-8770

A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

CVE-2024-8263

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. Thi...

CVE-2024-8770

A Cross-Site Scripting XSS vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version...

CVE-2024-8770

CVE-2024-8770 describes a Cross-Site Scripting (XSS) vulnerability in the repository transfer feature of GitHub Enterprise Server. The issue affected all versions prior to the fixed releases and allowed attackers to steal sensitive user information via social engineering. Fixes were released in G...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

PT-2024-39238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.10.17 GitHub Enterprise Server versions prior to 3.11.15 GitHub Enterprise Server versions prior to 3.12.9 GitHub Enterprise Server versions prior to 3.13.4 GitHub Enterprise Server versions prior ...

The vulnerability of the corporate version of the GitHub Enterprise Server, related to the disclosure of content in private repositories, allows a violator to gain access to confidential information.

The vulnerability of the corporate version of the GitHub Enterprise Server relates to the exposure of content in private repositories. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication, which allows a malicious user to modify issues in public repositories.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication. Exploiting this vulnerability could allow a malicious actor to modify issues in public repositories remotely...

The vulnerability of the SAML SSO authentication mechanism in the corporate version of the GitHub Enterprise Server allows a perpetrator to gain access to a user account with administrator privileges.

The vulnerability of the SAML SSO authentication mechanism in the corporate version of the GitHub Enterprise Server is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to gain access to a user account with administrator...

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain...

CVE-2024-6800

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...