
791 matches found

Positive Technologies
added 2022/11/23 12:0 a.m. · 2 views

PT-2022-16243 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.7.0
Description: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an...

CVSS 8.8 · AI score 8 · EPSS 0.02923
Exploits 0 · References 7

OSV
added 2022/11/01 6:15 p.m. · 1 view

CVE-2022-23738

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...

CVSS 5.7 · AI score 5.6 · EPSS 0.00351
Exploits 0 · References 5

NVD
added 2022/11/01 6:15 p.m. · 11 views

CVE-2022-23738

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...

CVSS 5.7 · EPSS 0.00351
Exploits 0 · References 5

Prion
added 2022/11/01 6:15 p.m. · 13 views

Input validation

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...

CVSS 3.5 · AI score 5.5 · EPSS 0.00351
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2022/11/01 12:0 a.m. · 2 views

PT-2022-16241 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.6
Description: An improper cache key issue was identified that allowed unauthorized access to private repository files through a public repository. To exploit this, an actor would need to be...

CVSS 5.7 · AI score 5.5 · EPSS 0.00351
Exploits 0 · References 8

CNNVD
added 2022/11/01 12:0 a.m. · 2 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from the U.S. company GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.6 and earlier versions, which...

CVSS 5.7 · AI score 5.9 · EPSS 0.00351
Exploits 0 · References 6

Vulnrichment
added 2022/11/01 12:0 a.m. · 3 views

CVE-2022-23738 Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...

AI score 5.5 · EPSS 0.00351
Exploits 0 · References 5

OSV
added 2022/10/19 2:15 p.m. · 0 views

CVE-2022-23734

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacke...

CVSS 8.8 · AI score 6.4
Exploits 0 · References 4

Vulnrichment
added 2022/10/19 12:0 a.m. · 6 views

CVE-2022-23734 Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacke...

AI score 7.8 · EPSS 0.05298
Exploits 0 · References 4

CNNVD
added 2022/10/19 12:0 a.m. · 1 view

GitHub Enterprise Server code issue vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions pri...

CVSS 8.8 · AI score 7.9 · EPSS 0.05298
Exploits 0 · References 5

Positive Technologies
added 2022/10/19 12:0 a.m. · 1 view

PT-2022-16239 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.6; GitHub Enterprise Server version 3.5.3; GitHub Enterprise Server version 3.4.6; GitHub Enterprise Server version 3.3.11; GitHub Enterprise Server version 3.2.16
Description: A deserialization of...

CVSS 8.8 · AI score 9.1 · EPSS 0.05298
Exploits 0 · References 8

CVE
added 2022/10/19 12:0 a.m. · 64 views

CVE-2022-23734

CVE-2022-23734 describes a deserialization of untrusted data vulnerability in GitHub Enterprise Server (SVNBridge) that could enable remote code execution via an SSRF-assisted data deserialization path. Affected versions are all pre-3.6; fixed in 3.5.3, 3.4.6, 3.3.11, and 3.2.16. The vulnerabilit...

CVSS 8.8 · AI score 9.2 · EPSS 0.05298
Exploits 0 · References 4 · Affected Software 1

Hacker One
added 2022/09/26 5:58 a.m. · 37 views

GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api

An incorrect authorization vulnerability was found in GitHub Enterprise Server that allowed GitHub Apps to gain access to and modify most organization-level resources that are not tied to a repository, regardless of granted permissions. This vulnerability affected all versions of GitHub Enterpris...

CVSS 9.8 · AI score 9.6 · EPSS 0.00672
Exploits 0

OSV
added 2022/08/02 4:15 p.m. · 0 views

CVE-2022-23733

A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 3

CNNVD
added 2022/08/02 12:0 a.m. · 1 view

GitHub Enterprise Server cross-site scripting vulnerability

GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A cross-site scripting vulnerability exists in GitHub Enterprise Server versions prior to 3.6, whi...

CVSS 5.4 · AI score 5.6 · EPSS 0.00282
Exploits 0 · References 4

ATTACKERKB
added 2022/04/05 12:15 a.m. · 3 views

CVE-2022-23732

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00476
Exploits 0 · References 9 · Affected Software 1

OSV
added 2022/04/05 12:15 a.m. · 1 view

CVE-2022-23732

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00476
Exploits 0 · References 4

CNNVD
added 2022/04/05 12:0 a.m. · 1 view

GitHub Enterprise Server path traversal vulnerability

GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A path traversal vulnerability exists in GitHub Enterprise Server versions prior to 3.5, which...

CVSS 8.8 · AI score 7.9 · EPSS 0.00476
Exploits 0 · References 5

Hacker One
added 2022/03/02 2:2 a.m. · 46 views

GitHub: CSRF protection bypass in GitHub Enterprise management console

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the...

CVSS 6.8 · AI score 3.8 · EPSS 0.00476
Exploits 0

OSV
added 2022/02/18 12:15 a.m. · 0 views

CVE-2021-41599

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

CVSS 8.8 · AI score 7.8
Exploits 0 · References 3