930 matches found
CVE-2024-2440
A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...
CVE-2024-3684
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...
CVE-2024-3646
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...
CVE-2024-3470
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...
CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...
CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...
CVE-2024-3684
CVE-2024-3684 describes a server-side request forgery in GitHub Enterprise Server that, when an attacker has an editor role in the Management Console, could grant admin access to the appliance during configuration of Artifacts & Logs and Migrations Storage. The vulnerability required access to th...
CVE-2024-3646 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...
CVE-2024-3646
CVE-2024-3646 : A command injection vulnerability was identified in GitHub Enterprise Server that could let an attacker with an editor role in the Management Console obtain admin SSH access to the instance during chat integration configuration. Exploitation required access to the GitHub Enterpris...
CVE-2024-3470
GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
PT-2024-20385 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 GitHub Enterprise Server versions...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
PT-2024-26117 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12 Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
PT-2024-27175 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.9 through 3.9.12 GitHub Enterprise Server versions 3.10 through 3.10.9 GitHub Enterprise Server versions 3.11 through 3.11.7 Description: A server side reques...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
CVE-2024-1908
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...
CVE-2024-2748
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which stems from the presence ...