930 matches found

OSV
added 2021/03/03 4:15 a.m. · 2 views

CVE-2021-22862

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...

6.5 CVSS · 6.6 AI score · 0.0081 EPSS
Exploits 0 · References 1
OSV
added 2021/03/03 4:15 a.m. · 3 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.1 CVSS · 5.8 AI score · 0.00968 EPSS
Exploits 0 · References 4
NVD
added 2021/03/03 4:15 a.m. · 18 views

CVE-2021-22862

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...

6.5 CVSS · 0.0081 EPSS
Exploits 0 · References 1
NVD
added 2021/03/03 4:15 a.m. · 13 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

6.5 CVSS · 0.00919 EPSS
Exploits 0 · References 4
OSV
added 2021/03/03 4:15 a.m. · 2 views

CVE-2020-10519

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

8.8 CVSS · 7.8 AI score · 0.02993 EPSS
Exploits 0 · References 3
NVD
added 2021/03/03 4:15 a.m. · 14 views

CVE-2020-10519

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

8.8 CVSS · 0.02993 EPSS
Exploits 0 · References 3
CVE
added 2021/03/03 3:25 a.m. · 78 views

CVE-2021-22863

CVE-2021-22863 is an improper access control vulnerability in GitHub Enterprise Server’s GraphQL API. It allowed authenticated users to modify the maintainer collaboration permission on a pull request, potentially exposing head branches of repos where they are a maintainer. Affected versions span...

8.1 CVSS · 8.1 AI score · 0.00968 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2021/03/03 3:25 a.m. · 19 views

CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.2 AI score · 0.00968 EPSS
Exploits 0 · References 4
CVE
added 2021/03/03 3:25 a.m. · 77 views

CVE-2021-22862

GitHub Enterprise Server 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 are affected by an improper access control vulnerability that lets an authenticated user who can fork a repository disclose Actions secrets from the parent repository. The root cause is a flaw that allows the base reference of a PR to be up...

6.5 CVSS · 6.4 AI score · 0.0081 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/03/03 3:25 a.m. · 22 views

CVE-2021-22862 Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...

6.6 AI score · 0.0081 EPSS
Exploits 0 · References 1
CVE
added 2021/03/03 3:25 a.m. · 79 views

CVE-2020-10519

Summary: CVE-2020-10519 is a remote code execution risk in GitHub Enterprise Server when building GitHub Pages, caused by overly permissive, user-controlled configuration of parsers used by Pages. The issue affects all versions prior to 2.22.7 and is fixed in 2.22.7, 2.21.15, and 2.20.24. Exploit...

8.8 CVSS · 9.1 AI score · 0.02993 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2021/03/03 3:25 a.m. · 16 views

CVE-2020-10519 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

9 AI score · 0.02993 EPSS
Exploits 0 · References 3
CNNVD
added 2021/03/03 12:0 a.m. · 4 views

GitHub Command Injection Vulnerability

GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server prior to 2.22.7, which can be exploited by attackers to remotely execute code...

8.8 CVSS · 8 AI score · 0.02993 EPSS
Exploits 0 · References 3
CNNVD
added 2021/03/03 12:0 a.m. · 5 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in the GitHub Enterprise Server GraphQL API that allows an...

8.1 CVSS · 7.7 AI score · 0.00968 EPSS
Exploits 0 · References 4
Positive Technologies
added 2021/03/03 12:0 a.m. · 4 views

PT-2021-15236 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 2.12.22 through 2.20.23; GitHub Enterprise Server versions 2.21.0 through 2.21.14; GitHub Enterprise Server versions 2.22.0 through 2.22.6; GitHub Enterprise Server versions 3.0.0. Description: An improper access...

8.1 CVSS · 8 AI score · 0.00968 EPSS
Exploits 0 · References 7
Positive Technologies
added 2021/03/03 12:0 a.m. · 4 views

PT-2021-15234 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 2.4.21 through 2.20.23; GitHub Enterprise Server versions 2.21.0 through 2.21.14; GitHub Enterprise Server versions 2.22.0 through 2.22.6; GitHub Enterprise Server versions 3.0.0. Description: An improper access...

6.5 CVSS · 6.5 AI score · 0.00919 EPSS
Exploits 0 · References 7
Rapid7 Blog
added 2021/02/03 3:23 p.m. · 63 views

Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats. The Feb. 3 release of InsightVM and Nexpose version 6.6.63 includes a beta version of the Metasploit Remote Check Service, bringing Metasploit check method...

2.9 AI score
Exploits 0
OSV
added 2020/08/27 10:15 p.m. · 2 views

CVE-2020-10518

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

8.8 CVSS · 7.8 AI score · 0.03699 EPSS
Exploits 0 · References 3
NVD
added 2020/08/27 10:15 p.m. · 15 views

CVE-2020-10518

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

8.8 CVSS · 9 AI score · 0.03699 EPSS
Exploits 0 · References 3
Cvelist
added 2020/08/27 9:55 p.m. · 17 views

CVE-2020-10517 Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository conten...

4.5 AI score · 0.0105 EPSS
Exploits 0 · References 3