791 matches found
CVE-2024-5566
CVE-2024-5566 affects GitHub Enterprise Server prior to 3.14, where an improper privilege management issue allowed migration of private repositories without sufficient Personal Access Token scopes. The root cause is insufficient access control during repository migration, enabling unintended cont...
PT-2024-37160 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Denial of Service issue was identified in GitHub Enterprise Server, allowing an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This...
PT-2024-37592 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An exposure of sensitive information issue in GitHub Enterprise Server allows an attacker to enumerate the names of private repositories that utilize deploy keys. This issue does no...
PT-2024-37177 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Cross-Site Request Forgery issue in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. The attacker would have t...
PT-2024-36574 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An improper privilege management issue allowed users to migrate private repositories without having the appropriate scopes defined on the related Personal Access Token...
PT-2024-37179 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing read access to issue content via GitHub Projects. This issue was only exploitable in internal...
GitHub: SAML Signature verification bypass allows logging into any user (with specific conditions)
The vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response and gain unauthorized access to the instance, including site administrator privileges, by exploiting a signature verification bypass. The vulnerability affected all versions of...
CVE-2024-5746
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
Patch Now Critical Auth Bypass Flaw in GitHub Enterprise Server Fixed
...
Vulnerability fixed in Github Enterprise Server
Github has fixed a vulnerability in Github Enterprise Server. A malicious party could exploit the vulnerability to gain access to the Github environment, possibly even as an administrator. The vulnerability is in the way Github handles SAML-Single-Sign-on. If the optional "Security Assertions" ar...
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior...
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with...
CVE-2024-4985
The CVE-2024-4985 issue affects GitHub Enterprise Server (GHES) where SAML SSO with optional encrypted assertions can be abused to forge a SAML response, enabling provisioning or access to a site administrator account without prior authentication. The vulnerability impacts all GHES versions prior...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...
PT-2024-5050 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13.0 GitHub Enterprise Server version 3.9.15 GitHub Enterprise Server version 3.10.12 GitHub Enterprise Server version 3.11.10 GitHub Enterprise Server version 3.12.4 Description: An authentication...
GitHub: Information Leakage via Clicked Link in GitHub Repository (Fingerprinting)
A vulnerability was identified in GitHub Enterprise Server that allowed an attacker to retrieve metadata information of a user who clicks on an uploaded malicious asset URL. The vulnerability affected all versions prior to 3.14 and was fixed in later versions...
GitHub: Access body and title of Internal Repo Issues in Projects
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and...
GitHub: GitHub Apps can access suspended installations via scoped user-to-server tokens
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This vulnerability was only exploitable in public repositories. The vulnerability affected all versions of...