930 matches found

OSV
added 2024/03/20 11:15 p.m. · 1 view

CVE-2024-2443

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 5

NVD
added 2024/03/20 11:15 p.m. · 10 views

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVSS 8 · AI score 8.2 · EPSS 0.00819
Exploits: 0 · References: 5

OSV
added 2024/03/20 11:15 p.m. · 2 views

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVSS 7.2 · AI score 6.1
Exploits: 0 · References: 5

Vulnrichment
added 2024/03/20 11:9 p.m. · 11 views

CVE-2024-2748 CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

CVSS 4.3 · AI score 7 · EPSS 0.00251
Exploits: 0 · References: 1

CVE
added 2024/03/20 11:4 p.m. · 68 views

CVE-2024-2443

GitHub Enterprise Server has a command injection vulnerability in the Management Console GeoJSON configuration that could let an attacker with an editor role gain admin SSH access. Affected: all versions before 3.13. Fixed in 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. Remediation: upgrade to 3.1...

CVSS 9.1 · AI score 9.6 · EPSS 0.00348
Exploits: 0 · References: 5 · Affected Software: 1

CVE
added 2024/03/20 10:56 p.m. · 72 views

CVE-2024-2469

CVE-2024-2469 affects GitHub Enterprise Server. An attacker with an Administrator role could achieve remote code execution that grants SSH root access. Affected versions include 3.8.0 and later; fixes were released in 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. Documented impact is SSH root access...

CVSS 8 · AI score 8.2 · EPSS 0.00819
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/03/20 10:56 p.m. · 18 views

CVE-2024-2469 Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVSS 8 · AI score 7.6 · EPSS 0.00819
Exploits: 0 · References: 5

CNNVD
added 2024/03/20 12:0 a.m. · 1 view

GitHub Enterprise Server cross-site request forgery vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A cross-site request forgery vulnerability exists in GitHub Enterprise Server version 3.12....

CVSS 4.3 · AI score 6.6 · EPSS 0.00251
Exploits: 0 · References: 3

Positive Technologies
added 2024/03/20 12:0 a.m. · 8 views

PT-2024-20393 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1 are not affected as they contain the fix, so the correct range is: GitHub Enterprise Server versions prior to 3.8.17,...

CVSS 9.1 · AI score 7.9 · EPSS 0.00348
Exploits: 0 · References: 8

CNNVD
added 2024/03/20 12:0 a.m. · 3 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.8.0 and later versions, which...

CVSS 8 · AI score 6.9 · EPSS 0.00819
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/20 12:0 a.m. · 2 views

PT-2024-21917 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.12.0 Description: A Cross Site Request Forgery issue was identified that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user, with the mitigating factor that user interactio...

CVSS 4.3 · AI score 7.3 · EPSS 0.00251
Exploits: 0 · References: 4

CNNVD
added 2024/03/20 12:0 a.m. · 2 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up one's GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.13 that stems...

CVSS 9.1 · AI score 7.5 · EPSS 0.00348
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/20 12:0 a.m. · 2 views

PT-2024-20491 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.12.0 Description: An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This issue was reported via the GitHub Bug Bounty...

CVSS 8 · AI score 8.4 · EPSS 0.00819
Exploits: 0 · References: 9

GithubExploit
added 2024/03/18 3:19 a.m. · 266 views

Exploit for Unsafe Reflection in Github Enterprise_Server

Intro This repository contains exploits we have developed for...

CVSS 9.8 · AI score 8.9 · EPSS 0.72876
Exploits: 1

Positive Technologies
added 2024/03/12 12:0 a.m. · 2 views

PT-2024-8208 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.15 GitHub Enterprise Server version 3.14.2 and earlier GitHub Enterprise Server versions prior to 3.14.3 GitHub Enterprise Server versions prior to 3.13.6 GitHub Enterprise Server versions prior to...

CVSS 8.7 · AI score 8.5 · EPSS 0.00371
Exploits: 0 · References: 28

Vulnrichment
added 2024/02/29 6:23 p.m. · 10 views

CVE-2024-1908 Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

CVSS 6.3 · AI score 6.8 · EPSS 0.0016
Exploits: 0 · References: 4

Cvelist
added 2024/02/29 6:23 p.m. · 23 views

CVE-2024-1908 Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

CVSS 6.3 · AI score 6.5 · EPSS 0.0016
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/29 12:0 a.m. · 3 views

PT-2024-18414

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.8.15 and earlier GitHub Enterprise Server versions 3.9.10 and earlier GitHub Enterprise Server versions 3.10.7 and earlier GitHub Enterprise Server versions...

CVSS 6.5 · AI score 6.2 · EPSS 0.0016
Exploits: 0 · References: 7

OSV
added 2024/02/14 8:15 p.m. · 2 views

CVE-2024-1482

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...

CVSS 6.5 · AI score 5.9 · EPSS 0.00082
Exploits: 0 · References: 3

Prion
added 2024/02/14 8:15 p.m. · 12 views

Authorization

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...

CVSS 5.5 · AI score 7.1 · EPSS 0.00082
Exploits: 0 · References: 3