CVE-2023-23761 Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all...

PT-2023-19186 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.9 Description: An improper authentication issue was identified that allowed unauthorized modification of other users' secret gists by authenticating through an SSH certificate authority, provided t...

PT-2023-19187 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.9 Description: An incorrect comparison issue was identified in GitHub Enterprise Server, allowing commit smuggling by displaying an incorrect diff. An attacker would need write access to the...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up one's GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of an...

GitHub Enterprise Server 授权问题漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server suffers from an authorization issue vulnerability that stems from...

PT-2023-14675 · Xiongmaitech · Mbd6304T Firmware +1

exploit 1. CVE-2024-0012/CVE-2024-9474: Auth Bypass in PAN-OS Web Interface https://t.co/SgNOxX5gde 2. CVE-2025-23369: GitHub Entreprise Server SAML auth bypass https://t.co/iCGbLYz9rt 3. CVE-2022-45460: ROPing our way to RCE https://t.co/GzC2JZCb2N...

CVE-2023-23760

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

CVE-2023-23760 Path traversal in GitHub Enterprise Server leading to remote code execution

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

PT-2023-19185 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.8 Description: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an...

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8, which...

CVE-2022-46257

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

CVE-2022-46257

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

CVE-2022-46257 Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

CVE-2022-46257 Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploi...

CVE-2022-46257

CVE-2022-46257 describes an information-disclosure vulnerability in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who lacked access to those repositories, causing repository names to appear in the UI. The attack would...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7. An attacker...

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

CVE-2023-22381 Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

CVE-2023-22381

CVE-2023-22381 is a code injection vulnerability in GitHub Enterprise Server that allows setting arbitrary environment variables via a single env var value in GitHub Actions when running on Windows. The root cause is the insecure handling of environment variables in the Actions workflow context, ...