817 matches found
CVE-2022-46258
CVE-2022-46258 describes an incorrect authorization in GitHub Enterprise Server where a repository-scoped token with read/write access could modify Action Workflow files without a Workflow scope. Affected: all versions before 3.7. Fixes were released in 3.3.16, 3.4.11, 3.5.8, and 3.6.4. Practical...
CVE-2022-23741
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite...
CVE-2022-46256
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in...
CVE-2022-23741 Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...
CVE-2022-23741 Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...
PT-2022-16244 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.3.17 GitHub Enterprise Server versions prior to 3.4.12 GitHub Enterprise Server versions prior to 3.5.9 GitHub Enterprise Server versions prior to 3.6.5 Description: An incorrect authorization issu...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which stems from an allowable...
GitHub Enterprise Server 路径遍历漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server has a security vulnerability that stems from the fact that it allo...
CVE-2022-46256 Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in...
GitHub Enterprise Server 路径遍历漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server version 3.7.0, which originates...
PT-2022-27795 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.3.17 GitHub Enterprise Server versions prior to 3.4.12 GitHub Enterprise Server versions prior to 3.5.9 GitHub Enterprise Server versions prior to 3.6.5 GitHub Enterprise Server versions prior to...
PT-2022-27794 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.7.0 Description: An improper limitation of a pathname to a restricted directory was identified, enabling remote code execution. A check was added within Pages to ensure the working directory is clean before...
CVE-2022-46256
CVE-2022-46256 — GitHub Enterprise Server : A path traversal vulnerability allows remote code execution when building a GitHub Pages site. An attacker must have permission to create and build a Pages site on the instance. The issue affects GitHub Enterprise Server and is fixed in versions 3.3.17,...
CVE-2022-46256 Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in...
CVE-2022-23737
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7, which...
CVE-2022-23737 Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...
CVE-2022-23737
Summary: CVE-2022-23737 is an improper privilege management vulnerability in GitHub Enterprise Server that allows users with insufficient privileges to create or delete pages via the API. An attacker would need to be added to an organization’s repository with write permissions to exploit it. The ...
PT-2022-16240 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7 Description: An improper privilege management issue was identified that allowed users with improper privileges to create or delete pages via the API. To exploit this, an attacker would need to be...