930 matches found

CVE, added 2025/01/21 6:46 p.m. (2673 views)

CVE-2025-23369

CVE-2025-23369 affects GitHub Enterprise Server and centers on an improper verification of the cryptographic signature that can enable signature spoofing for unauthorized internal users. Public details indicate that versions before 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0 are impacted. Some c...

CVSS 8.8 · AI score 6.4 · EPSS 0.11776
Exploits 1 · References 4 · Affected Software 1
Positive Technologies, added 2025/01/21 12:00 a.m. (5 views)

PT-2025-4866 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12.14; versions prior to 3.13.10; versions prior to 3.14.7; versions prior to 3.15.2; versions prior ...

CVSS 7.6 · AI score 9.6 · EPSS 0.11776
Exploits 1 · References 49
CNNVD, added 2025/01/21 12:00 a.m. (1 view)

GitHub Enterprise Server data forgery vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

CVSS 8.8 · AI score 8.9 · EPSS 0.11776
Exploits 1 · References 5
BDU FSTEC, added 2024/12/27 12:00 a.m. (1 view)

The vulnerability in the enterprise version of GitHub Enterprise Server, related to incorrect restriction of path names to a restricted directory, allows attackers to gain read access to arbitrary files.

The vulnerability in the enterprise version of GitHub Enterprise Server is related to incorrect restriction of a path name to a restricted directory. Exploiting this vulnerability could allow a remote attacker to gain read access to arbitrary files by adding specially...

CVSS 6.8 · AI score 6.7 · EPSS 0.00461
Exploits 0 · References 5 · Affected Software 1
SUSE CVE, added 2024/11/29 3:48 a.m. (3 views)

SUSE CVE-2024-53859

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

CVSS 7.5 · AI score 7 · EPSS 0.0008
Exploits 0 · References 4
OSV, added 2024/11/27 10:15 p.m. (1 view)

AZL-53477 CVE-2024-53858 affecting package gh for versions less than 2.62.0-5

The gh CLI is GitHub's official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

CVSS 6.5 · AI score 7.2 · EPSS 0.00053
Exploits 0 · References 1
OSV, added 2024/11/27 9:43 p.m. (16 views)

GHSA-JWCM-9G39-PMCW Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

Summary: A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. Details: This vulnerability stems from several gh commands used to clone a repository with...

CVSS 6.5 · AI score 6.9 · EPSS 0.00053
Exploits 0 · References 4
Vulnrichment, added 2024/11/27 9:25 p.m. (10 views)

CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

CVSS 6.5 · AI score 7 · EPSS 0.0008
Exploits 0 · References 6
BDU FSTEC, added 2024/11/18 12:00 a.m. (2 views)

The vulnerability in the enterprise version of GitHub Enterprise Server, related to incorrect handling of symbolic links before accessing files, allows an attacker to elevate their privileges to root.

The vulnerability in the enterprise version of GitHub Enterprise Server is related to incorrect resolution of symbolic links before accessing a file. Exploiting this vulnerability could allow an attacker to elevate their privileges to root...

CVSS 7.5 · AI score 5.5 · EPSS 0.00371
Exploits 0 · References 8 · Affected Software 1
BDU FSTEC, added 2024/11/14 12:00 a.m. (1 view)

The vulnerability in the enterprise version of GitHub Enterprise Server, related to deficiencies in the authentication procedure, allows an attacker to access confidential data.

The vulnerability in the enterprise version of GitHub Enterprise Server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to access confidential data...

CVSS 6.8 · AI score 5.5 · EPSS 0.00052
Exploits 0 · References 3 · Affected Software 1
Nuclei, added 2024/11/10 10:28 p.m. (45 views)

GitHub Enterprise - SAML Authentication Bypass

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be...

CVSS 9.5 · AI score 9.3 · EPSS 0.50689
Exploits 0 · References 2
OSV, added 2024/11/07 10:15 p.m. (4 views)

CVE-2024-8810

A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHu...

CVSS 6.5 · AI score 5.8 · EPSS 0.0008
Exploits 0 · References 5
OSV, added 2024/11/07 10:15 p.m. (3 views)

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token PAT a...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052
Exploits 0 · References 1
Vulnrichment, added 2024/11/07 9:24 p.m. (10 views)

CVE-2024-8810 Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access

A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHu...

CVSS 8.7 · AI score 6.3 · EPSS 0.0008
Exploits 0 · References 5
CVE, added 2024/11/07 9:24 p.m. (66 views)

CVE-2024-8810

Summary: CVE-2024-8810 affects GitHub Enterprise Server. A GitHub App installed in organizations could upgrade permissions from read to write without organization admin approval. Exploitation requires an account with administrator access to install a malicious GitHub App. Root cause / impact: Pri...

CVSS 8.7 · AI score 6.3 · EPSS 0.0008
Exploits 0 · References 5 · Affected Software 1
Cvelist, added 2024/11/07 9:15 p.m. (15 views)

CVE-2024-10824 Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token PAT a...

CVSS 6 · EPSS 0.00052
Exploits 0 · References 1
OSV, added 2024/11/07 9:15 p.m. (2 views)

CVE-2024-10007

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. Thi...

CVSS 9.1 · AI score 6.3 · EPSS 0.00371
Exploits 0 · References 4
CNNVD, added 2024/11/07 12:00 a.m. (1 view)

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server suffers from a security vulnerability that...

CVSS 8.7 · AI score 6.9 · EPSS 0.0008
Exploits 0 · References 6
CNNVD, added 2024/11/07 12:00 a.m. (2 views)

GitHub Enterprise Server link following vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

CVSS 9.1 · AI score 7.9 · EPSS 0.00371
Exploits 0 · References 5
Positive Technologies, added 2024/11/07 12:00 a.m. (2 views)

PT-2024-39274 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14.1; versions 3.13.4 and earlier; versions 3.12.9 and earlier; versions 3.11.15 and earlier; version...

CVSS 8.7 · AI score 7 · EPSS 0.0008
Exploits 0 · References 13