9 matches found
CVE-2025-11578
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...
CVE-2025-11578
CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...
CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...
CVE-2025-11578 Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape in pre-receive hook environments. By crafting a malicious repository and environment, an attacker...
CVE-2025-3509
CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...
PT-2025-17246 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.18 Description: A Remote Code Execution RCE vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionalit...
openSUSE Security Update : gitolite (openSUSE-2019-754)
This update for gitolite fixes the following issues : Gitolite was updated to 3.6.9 : - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains : -...
openSUSE: Security Advisory for gitolite (openSUSE-SU-2018:3035-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for gitolite (moderate)
This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains: - fi...