932 matches found

Cvelist
added 2024/02/13 6:44 p.m. · 43 views

CVE-2024-1084

Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all...

CVSS 6.5 · AI score 6.4 · EPSS 0.00469
Exploits: 0 · References: 4

CVE
added 2024/02/13 6:44 p.m. · 60 views

CVE-2024-1084

GitHub Enterprise Server remote UI vulnerability CVE-2024-1084 is a Cross-site Scripting issue in the tag name pattern field of the tag protections UI. The flaw allows a malicious website, leveraging user interaction and social engineering, to change a user account via CSP bypass with created CSR...

CVSS 6.5 · AI score 6.3 · EPSS 0.00469
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2024/02/13 12:0 a.m. · 3 views

GitHub Enterprise Server Cross-Site Scripting Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 6.5 · AI score 6 · EPSS 0.00469
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 9.1 · AI score 7.5 · EPSS 0.02275
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 9.1 · AI score 7.5 · EPSS 0.02363
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 9.1 · AI score 7.5 · EPSS 0.02275
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 9.1 · AI score 7.5 · EPSS 0.02275
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 9.1 · AI score 7.5 · EPSS 0.02339
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 9.1 · AI score 7.5 · EPSS 0.02632
Exploits: 0 · References: 5

Positive Technologies
added 2024/02/13 12:0 a.m. · 3 views

PT-2024-17967 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the...

CVSS 8 · AI score 10 · EPSS 0.0172
Exploits: 0 · References: 8

Positive Technologies
added 2024/02/13 12:0 a.m. · 5 views

PT-2024-17984 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 Description: A command injection...

CVSS 9.1 · AI score 7.9 · EPSS 0.02275
Exploits: 0 · References: 8

Positive Technologies
added 2024/02/13 12:0 a.m. · 4 views

PT-2024-17990 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 Description: A command injection...

CVSS 9.1 · AI score 9.5 · EPSS 0.02339
Exploits: 0 · References: 8

CNNVD
added 2024/02/13 12:0 a.m. · 4 views

GitHub Enterprise Server Path Traversal Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 6.5 · AI score 6.8 · EPSS 0.0077
Exploits: 0 · References: 5

CNNVD
added 2024/02/13 12:0 a.m. · 4 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

CVSS 8 · AI score 7.5 · EPSS 0.0172
Exploits: 0 · References: 5

Positive Technologies
added 2024/02/13 12:0 a.m. · 6 views

PT-2024-9876 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.8.0 through 3.8.14 GitHub Enterprise Server versions 3.9.0 through 3.9.9 GitHub Enterprise Server versions 3.10.0 through 3.10.6 GitHub Enterprise Server...

CVSS 6.8 · AI score 7.2 · EPSS 0.0077
Exploits: 0 · References: 9

Hacker One
added 2024/02/07 9:25 a.m. · 16 views

GitHub: RC Between GitHub's Repo Update REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVSS 5.5 · AI score 5.3 · EPSS 0.00452
Exploits: 0

Hacker One
added 2024/01/26 12:18 p.m. · 16 views

GitHub: Privilege Escalation to Root SSH Access via Pre-Receive Hook Environment in GitHub Enterprise Server

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVSS 8 · AI score 7.8 · EPSS 0.01616
Exploits: 0

Hacker One
added 2024/01/24 9:28 a.m. · 7 views

GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via nomad template injection

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. This vulnerability affected all versions of GitHub...

CVSS 9.1 · AI score 9.6 · EPSS 0.02339
Exploits: 0

BDU FSTEC
added 2024/01/24 12:0 a.m. · 3 views

A vulnerability in GitHub Enterprise Server, related to the use of externally controlled input for class selection, allows an attacker to execute arbitrary code.

The vulnerability in GitHub Enterprise Server is related to the use of externally controlled input for class selection. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

CVSS 7.2 · AI score 8.4 · EPSS 0.71725
Exploits: 1 · References: 6 · Affected Software: 1

BDU FSTEC
added 2024/01/24 12:0 a.m. · 3 views

A vulnerability in the Management Console of GitHub Enterprise Server allows an attacker to execute arbitrary commands and escalate privileges.

The vulnerability in the Management Console of GitHub Enterprise Server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands and escalate privileges...

CVSS 7.9 · AI score 8.2 · EPSS 0.658
Exploits: 1 · References: 7 · Affected Software: 1