GitHub: Information Leakage via Clicked Link in GitHub Repository (Fingerprinting)

A vulnerability was identified in GitHub Enterprise Server that allowed an attacker to retrieve metadata information of a user who clicks on an uploaded malicious asset URL. The vulnerability affected all versions prior to 3.14 and was fixed in later versions...

GitHub: Access body and title of Internal Repo Issues in Projects

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and...

GitHub: GitHub Apps can access suspended installations via scoped user-to-server tokens

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This vulnerability was only exploitable in public repositories. The vulnerability affected all versions of...

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVE-2024-2440 Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

CVE-2024-3684

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

CVE-2024-3646

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...

CVE-2024-3646 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

CVE-2024-3646

CVE-2024-3646 : A command injection vulnerability was identified in GitHub Enterprise Server that could let an attacker with an editor role in the Management Console obtain admin SSH access to the instance during chat integration configuration. Exploitation required access to the GitHub Enterpris...

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

PT-2024-20385 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 GitHub Enterprise Server versions...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

PT-2024-26117 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12 Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVE-2024-1908

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

CVE-2024-2748

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...