817 matches found

Vulnrichment
added 2024/07/16 9:26 p.m. · 14 views

CVE-2024-5566 Improper Privilege Management allows for access to unauthorized repository content during migration

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6,...

CVSS 5.8 · AI score 6.8 · EPSS 0.00476
Exploits: 0 · References: 5

CVE
added 2024/07/16 9:26 p.m. · 53 views

CVE-2024-5566

CVE-2024-5566 affects GitHub Enterprise Server prior to 3.14, where an improper privilege management issue allowed migration of private repositories without sufficient Personal Access Token scopes. The root cause is insufficient access control during repository migration, enabling unintended cont...

CVSS 6.5 · AI score 5.8 · EPSS 0.00476
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-37160 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Denial of Service issue was identified in GitHub Enterprise Server, allowing an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This...

CVSS 7.7 · AI score 7.1 · EPSS 0.00557
Exploits: 0 · References: 9

Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-36574 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An improper privilege management issue allowed users to migrate private repositories without having the appropriate scopes defined on the related Personal Access Token...

CVSS 6.5 · AI score 7.2 · EPSS 0.00476
Exploits: 0 · References: 9

Positive Technologies
added 2024/07/16 12:0 a.m. · 2 views

PT-2024-37179 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing read access to issue content via GitHub Projects. This issue was only exploitable in internal...

CVSS 6.5 · AI score 7 · EPSS 0.00514
Exploits: 0 · References: 9

Positive Technologies
added 2024/07/16 12:0 a.m. · 2 views

PT-2024-37177 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Cross-Site Request Forgery issue in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. The attacker would have t...

CVSS 6.8 · AI score 7.2 · EPSS 0.00235
Exploits: 0 · References: 9

Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-37592 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An exposure of sensitive information issue in GitHub Enterprise Server allows an attacker to enumerate the names of private repositories that utilize deploy keys. This issue does no...

CVSS 6.3 · AI score 6.7 · EPSS 0.00492
Exploits: 0 · References: 9

BDU FSTEC
added 2024/06/28 12:0 a.m. · 4 views

The vulnerability of the corporate version of the GitHub Enterprise Server, related to insufficient validation of incoming requests, allows a violator to execute arbitrary code.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to insufficient checking of incoming requests. Exploitation of this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 7.6 · AI score 5.9 · EPSS 0.00861
Exploits: 0 · References: 5 · Affected Software: 1

Hacker One
added 2024/06/27 3:45 p.m. · 9 views

GitHub: SAML Signature verification bypass allows logging into any user (with specific conditions)

The vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response and gain unauthorized access to the instance, including site administrator privileges, by exploiting a signature verification bypass. The vulnerability affected all versions of...

CVSS 9.8 · AI score 6.8 · EPSS 0.01527
Exploits: 0

OSV
added 2024/06/20 10:15 p.m. · 3 views

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

CVSS 7.2 · AI score 6.3 · EPSS 0.00861
Exploits: 0 · References: 4

Cvelist
added 2024/06/20 9:31 p.m. · 28 views

CVE-2024-5746

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...

CVSS 7.6 · EPSS 0.00861
Exploits: 0 · References: 4

CNNVD
added 2024/06/20 12:0 a.m. · 2 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVSS 7.6 · AI score 7.4 · EPSS 0.00861
Exploits: 0 · References: 6

BDU FSTEC
added 2024/06/10 12:0 a.m. · 2 views

The vulnerability of the corporate version of the GitHub Enterprise Server, related to incorrect authorization, allows a perpetrator to create new branches in public repositories and execute arbitrary GitHub Actions processes with the permission of GITHUB_TOKEN.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication. Exploiting this vulnerability allows a malicious actor to create new branches in public repositories and execute arbitrary GitHub Actions processes with the permission of GITHUB_TOKEN...

CVSS 7.5 · AI score 7.3 · EPSS 0.00422
Exploits: 0 · References: 5 · Affected Software: 1

hivepro
added 2024/05/27 5:30 p.m. · 15 views

Patch Now Critical Auth Bypass Flaw in GitHub Enterprise Server Fixed

...

AI score 7.3
Exploits: 0

NCSC
added 2024/05/23 10:57 a.m. · 4 views

Vulnerability fixed in Github Enterprise Server

Github has fixed a vulnerability in Github Enterprise Server. A malicious party could exploit the vulnerability to gain access to the Github environment, possibly even as an administrator. The vulnerability is in the way Github handles SAML-Single-Sign-on. If the optional "Security Assertions" ar...

CVSS 10 · AI score 7.1 · EPSS 0.02573
Exploits: 0 · References: 4

The Hacker News
added 2024/05/21 4:16 p.m. · 24 views

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior...

CVSS 10 · AI score 7.5 · EPSS 0.02573
Exploits: 0

OSV
added 2024/05/20 10:15 p.m. · 4 views

CVE-2024-4985

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with...

CVSS 9.8 · AI score 5.7 · EPSS 0.02573
Exploits: 0 · References: 4

CVE
added 2024/05/20 9:17 p.m. · 9001 views

CVE-2024-4985

The CVE-2024-4985 issue affects GitHub Enterprise Server (GHES) where SAML SSO with optional encrypted assertions can be abused to forge a SAML response, enabling provisioning or access to a site administrator account without prior authentication. The vulnerability impacts all GHES versions prior...

CVSS 10 · AI score 7 · EPSS 0.02573
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/05/20 12:0 a.m. · 4 views

PT-2024-5050 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13.0 GitHub Enterprise Server version 3.9.15 GitHub Enterprise Server version 3.10.12 GitHub Enterprise Server version 3.11.10 GitHub Enterprise Server version 3.12.4 Description: An authentication...

CVSS 10 · AI score 7.3 · EPSS 0.02573
Exploits: 0 · References: 55

CNNVD
added 2024/05/20 12:0 a.m. · 2 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVSS 10 · AI score 7 · EPSS 0.02573
Exploits: 0 · References: 6