791 matches found
CVE-2024-1374 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required acce...
CVE-2024-1372 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise...
CVE-2024-1369
The CVE-2024-1369 issue is a command injection in GitHub Enterprise Server that lets an attacker with an editor role in the Management Console gain admin SSH access to the appliance when configuring collectd credentials. Affected products/versions: all before 3.12; fixed in 3.11.5, 3.10.7, 3.9.10...
CVE-2024-1369 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability...
CVE-2024-1369 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability...
CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2024-1354 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. Exploitation of this vulnerability required access to the GitHub...
CVE-2024-1354
CVE-2024-1354 describes a command-injection vulnerability in GitHub Enterprise Server where an attacker with editor privileges in the Management Console could escalate to admin SSH access via the syslog-ng configuration. The issue requires access to the GitHub Enterprise Server instance and Manag...
CVE-2024-1354 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. Exploitation of this vulnerability required access to the GitHub...
CVE-2024-1082 Path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file read with a specially crafted GitHub Pages artifact upload
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would...
CVE-2024-1084
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all...
CVE-2024-1084
GitHub Enterprise Server remote UI vulnerability CVE-2024-1084 is a Cross-site Scripting issue in the tag name pattern field of the tag protections UI. The flaw allows a malicious website, leveraging user interaction and social engineering, to change a user account via CSP bypass with created CSR...
GitHub Enterprise Server Command Injection Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...
GitHub Enterprise Server Path Traversal Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...
GitHub Enterprise Server Cross-Site Scripting Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...
PT-2024-17984 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server version 3.11.5 GitHub Enterprise Server version 3.10.7 GitHub Enterprise Server version 3.9.10 GitHub Enterprise Server version 3.8.15 Description: A command injection...
GitHub Enterprise Server Command Injection Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...
GitHub Enterprise Server Command Injection Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...
PT-2024-9876 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.8.0 through 3.8.14 GitHub Enterprise Server versions 3.9.0 through 3.9.9 GitHub Enterprise Server versions 3.10.0 through 3.10.6 GitHub Enterprise Server...