PT-2024-26117 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12 Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVE-2024-1908

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...

CVE-2024-2748

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which stems from the presence ...

CVE-2024-2443

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVE-2024-2469

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

CVE-2024-2748 CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 a...

CVE-2024-2443

GitHub Enterprise Server has a command injection vulnerability in the Management Console GeoJSON configuration that could let an attacker with an editor role gain admin SSH access. Affected: all versions before 3.13. Fixed in 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. Remediation: upgrade to 3.1...

CVE-2024-2469

CVE-2024-2469 affects GitHub Enterprise Server. An attacker with an Administrator role could achieve remote code execution that grants SSH root access. Affected versions include 3.8.0 and later; fixes were released in 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. Documented impact is SSH root access...

CVE-2024-2469 Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported...

GitHub Enterprise Server 跨站请求伪造漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A cross-site request forgery vulnerability exists in GitHub Enterprise Server version 3.12....

PT-2024-20393 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13 GitHub Enterprise Server versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1 are not affected as they contain the fix, so the correct range is: GitHub Enterprise Server versions prior to 3.8.17,...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.8.0 and later versions, which...

PT-2024-21917 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.12.0 Description: A Cross Site Request Forgery issue was identified that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user, with the mitigating factor that user interactio...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up one's GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.13 that stems...

PT-2024-20491 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.12.0 Description: An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This issue was reported via the GitHub Bug Bounty...

PT-2024-8208 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.15 GitHub Enterprise Server version 3.14.2 and earlier GitHub Enterprise Server versions prior to 3.14.3 GitHub Enterprise Server versions prior to 3.13.6 GitHub Enterprise Server versions prior to...