Lucene search
K

27 matches found

NVD
NVD
added last week8 views

CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS0.00234EPSS
Exploits0References2
EUVD
EUVD
added last week9 views

EUVD-2026-39801

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS6AI score0.00234EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc...

9CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week15 views

CVE-2026-45408

CVE-2026-45408 affects Dokku, a docker-powered PaaS. Before 0.38.2, the app name validation regex allows shell metacharacters, and when an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc (...

9CVSS6AI score0.00234EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week33 views

CVE-2026-45408 Dokku: OS Command Injection via App Name in Git Pre-Receive Hook

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52853

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description An issue exists where the app name validation regex permits shell metacharacters. An authenticated user can exploit this by pushing to a git remote using a crafted app name. This name is embedded...

9CVSS6.2AI score0.00234EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 11:41 p.m.3 views

GHSA-MM7C-RHG6-QR4R Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo

Summary Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks. Vulnerability Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...

8.5CVSS5.5AI score0.00028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50136

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An authorization bypass allows any authenticated low-privilege user with read access to a repository to push arbitrary commits directly to that repository, bypassing write-access checks. This...

8.5CVSS6AI score0.00028EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/11 11:42 p.m.12 views

CVE-2025-11578

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.5CVSS7.3AI score0.00584EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 12:30 a.m.5 views

EUVD-2025-50831

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.5CVSS6.8AI score0.00584EPSS
Exploits0References6
NVD
NVD
added 2025/11/10 11:15 p.m.3 views

CVE-2025-11578

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.5CVSS0.00584EPSS
Exploits0References5
OSV
OSV
added 2025/11/10 11:15 p.m.5 views

CVE-2025-11578

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.2CVSS5.9AI score0.00584EPSS
Exploits0References5
CVE
CVE
added 2025/11/10 10:44 p.m.14 views

CVE-2025-11578

CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...

7.5CVSS6.9AI score0.00584EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/10 10:44 p.m.4 views

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.5CVSS6.9AI score0.00584EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/10 10:44 p.m.9 views

CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...

7.5CVSS0.00584EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.7 views

PT-2025-46217

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.19 GitHub Enterprise Server versions 3.14.19 GitHub Enterprise Server versions 3.15.14 GitHub Enterprise Server versions 3.16.10 GitHub Enterprise Server versions 3.17.7 GitHub Enterprise Server...

7.5CVSS6.8AI score0.00584EPSS
Exploits0References8
OSV
OSV
added 2025/04/17 11:15 p.m.5 views

CVE-2025-3509

A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...

7.2CVSS6.2AI score
Exploits0References5
NVD
NVD
added 2025/04/17 11:15 p.m.33 views

CVE-2025-3509

A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. The vulnerability involves using dynamically...

7.2CVSS0.01209EPSS
Exploits0References5
CVE
CVE
added 2025/04/17 10:50 p.m.1099 views

CVE-2025-3509

CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...

7.2CVSS7.9AI score0.01209EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.4 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

7.2CVSS8.1AI score0.01209EPSS
Exploits0References10
Rows per page
Query Builder