CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2022/02/18 12:0 a.m.•1 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from a lack of restricti...

8.8CVSS8AI score0.02496EPSS

Exploits0References5

OSV•added 2022/01/25 8:15 p.m.•0 views

CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS5.8AI score0.00272EPSS

Cvelist•added 2022/01/25 7:45 p.m.•14 views

CVE-2021-41598 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user

8.9AI score0.00272EPSS

CNNVD•added 2022/01/25 12:0 a.m.•1 views

GitHub Enterprise Server 安全漏洞

8.8CVSS7.8AI score0.00272EPSS

OSV•added 2021/12/07 7:15 p.m.•0 views

CVE-2021-37940

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly...

6.8CVSS5.8AI score0.00283EPSS

Exploits0References1

NVD•added 2021/12/07 7:15 p.m.•10 views

CVE-2021-37940

6.8CVSS0.00283EPSS

Exploits0References1

Elastic•added 2021/12/07 5:0 p.m.•3 views

Enterprise Search 7.16.0 Security Update

Enterprise Search Information Disclosure issue ESA-2021-28 An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the...

6.8CVSS6.1AI score0.00283EPSS

Exploits0

CNNVD•added 2021/12/07 12:0 a.m.•2 views

GitHub Enterprise Server 代码问题漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in Workplace Search Github Enterprise Server. An attacker can...

6.8CVSS6.7AI score0.00283EPSS

Exploits0References2

Prion•added 2021/11/10 2:15 a.m.•12 views

Path traversal

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

4CVSS6.3AI score0.00457EPSS

CVE•added 2021/11/10 1:55 a.m.•47 views

CVE-2021-22870

The CVE-2021-22870 issue affects GitHub Enterprise Server pages builds and is a path-traversal vulnerability that could allow an attacker with permission to create and build a GitHub Pages site to read system files. The vulnerability exists in all versions prior to 3.3 and was fixed in 3.0.19, 3....

6.5CVSS6.3AI score0.00457EPSS

Cvelist•added 2021/11/10 1:55 a.m.•14 views

CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

6.5AI score0.00457EPSS

CNNVD•added 2021/11/10 12:0 a.m.•2 views

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in the GitHub page builds on GitHub Enterprise Server, which can b...

6.5CVSS6.5AI score0.00457EPSS

OSV•added 2021/09/24 6:15 p.m.•2 views

CVE-2021-22868

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

4.3CVSS5.9AI score

OSV•added 2021/09/24 6:15 p.m.•1 views

CVE-2021-22869

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

9.8CVSS5.9AI score

Exploits0References2

Prion•added 2021/09/24 6:15 p.m.•18 views

Path traversal

4CVSS5.3AI score0.00457EPSS

Positive Technologies•added 2021/09/24 12:0 a.m.•2 views

PT-2021-15242 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.0.0 through 3.0.15 GitHub Enterprise Server versions 3.1.0 through 3.1.7 Description: An improper access control issue in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner...

9.8CVSS9.7AI score0.00404EPSS

Exploits0References5

CNNVD•added 2021/09/24 12:0 a.m.•2 views

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A path traversal vulnerability exists in GitHub Enterprise Server, which stems from a path travers...

4.3CVSS5.1AI score0.00284EPSS

OSV•added 2021/07/14 9:15 p.m.•0 views

CVE-2021-22867

6.5CVSS6AI score

CNNVD•added 2021/07/14 12:0 a.m.•1 views

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server suffers from a path traversal vulnerability that stems from a failure of ...

6.5CVSS5.7AI score0.00457EPSS