GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

The vulnerability of the SAML SSO authentication mechanism in the corporate version of the GitHub Enterprise Server allows a perpetrator to gain access to a user account with administrator privileges.

The vulnerability of the SAML SSO authentication mechanism in the corporate version of the GitHub Enterprise Server is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to gain access to a user account with administrator...

The vulnerability of the corporate version of the GitHub Enterprise Server, related to the disclosure of content in private repositories, allows a violator to gain access to confidential information.

The vulnerability of the corporate version of the GitHub Enterprise Server relates to the exposure of content in private repositories. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication, which allows a malicious user to modify issues in public repositories.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication. Exploiting this vulnerability could allow a malicious actor to modify issues in public repositories remotely...

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6800

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

PT-2024-6121 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16 are not affected, all versions prior to these are vulnerable. Description: The issue is related to an XML signature wrappin...

PT-2024-6123 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server version 3.13.3 GitHub Enterprise Server version 3.12.8 GitHub Enterprise Server version 3.11.14 GitHub Enterprise Server version 3.10.16 Description: An Incorrect...

PT-2024-6118 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server versions 3.13.3, 3.12.8, and 3.11.14 are not vulnerable, but versions before these are affected. Description: An Incorrect Authorization issue was identified, allowing a...

The vulnerability of the corporate version of the GitHub Enterprise Server, related to the improper implementation of authentication algorithms, allows a perpetrator to gain full administrative privileges and access to the system.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to the improper implementation of the authentication algorithm. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the system with administrator privileges...

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVE-2024-5816

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...

CVE-2024-5795

A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version...