CVE-2024-8770

CVE-2024-8770 describes a Cross-Site Scripting (XSS) vulnerability in the repository transfer feature of GitHub Enterprise Server. The issue affected all versions prior to the fixed releases and allowed attackers to steal sensitive user information via social engineering. Fixes were released in G...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

PT-2024-39238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.10.17 GitHub Enterprise Server versions prior to 3.11.15 GitHub Enterprise Server versions prior to 3.12.9 GitHub Enterprise Server versions prior to 3.13.4 GitHub Enterprise Server versions prior ...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

The vulnerability of the SAML SSO authentication mechanism in the corporate version of the GitHub Enterprise Server allows a perpetrator to gain access to a user account with administrator privileges.

The vulnerability of the SAML SSO authentication mechanism in the corporate version of the GitHub Enterprise Server is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to gain access to a user account with administrator...

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication, which allows a malicious user to modify issues in public repositories.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication. Exploiting this vulnerability could allow a malicious actor to modify issues in public repositories remotely...

The vulnerability of the corporate version of the GitHub Enterprise Server, related to the disclosure of content in private repositories, allows a violator to gain access to confidential information.

The vulnerability of the corporate version of the GitHub Enterprise Server relates to the exposure of content in private repositories. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

Vulnerabilities fixed in GitHub Enterprise Server

GitHub has fixed vulnerabilities in the Enterprise Server. A malicious party could exploit the vulnerabilities to access and potentially manipulate sensitive data. Also, under certain, unspecified conditions, a malicious party can use rogue SAML traffic to gain access to any account, including...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain...

CVE-2024-6800

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

PT-2024-6123 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server version 3.13.3 GitHub Enterprise Server version 3.12.8 GitHub Enterprise Server version 3.11.14 GitHub Enterprise Server version 3.10.16 Description: An Incorrect...

PT-2024-6118 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server versions 3.13.3, 3.12.8, and 3.11.14 are not vulnerable, but versions before these are affected. Description: An Incorrect Authorization issue was identified, allowing a...

PT-2024-6121 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16 are not affected, all versions prior to these are vulnerable. Description: The issue is related to an XML signature wrappin...

The vulnerability of the corporate version of the GitHub Enterprise Server, related to the improper implementation of authentication algorithms, allows a perpetrator to gain full administrative privileges and access to the system.

The vulnerability of the corporate version of the GitHub Enterprise Server is related to the improper implementation of the authentication algorithm. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the system with administrator privileges...