62 matches found
CVE-2024-4985
The CVE-2024-4985 issue affects GitHub Enterprise Server (GHES) where SAML SSO with optional encrypted assertions can be abused to forge a SAML response, enabling provisioning or access to a site administrator account without prior authentication. The vulnerability impacts all GHES versions prior...
CVE-2025-23369
CVE-2025-23369 affects GitHub Enterprise Server and centers on an improper verification of the cryptographic signature that can enable signature spoofing for unauthorized internal users. Public details indicate that versions before 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0 are impacted. Some c...
CVE-2025-3509
CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...
CVE-2024-9487
CVE-2024-9487 describes an improper verification of cryptographic signatures in GitHub Enterprise Server that enables bypass of SAML SSO authentication, leading to unauthorized user provisioning and instance access. According to connected sources, exploitation requires the encrypted assertions fe...
CVE-2022-23732
The CVE-2022-23732 entry concerns a path traversal vulnerability in the GitHub Enterprise Server management console that bypasses CSRF protections and could lead to privilege escalation. Affected software: GitHub Enterprise Server management console (all versions prior to 3.5). Root cause: path t...
CVE-2024-1354
CVE-2024-1354 describes a command-injection vulnerability in GitHub Enterprise Server where an attacker with editor privileges in the Management Console could escalate to admin SSH access via the syslog-ng configuration. The issue requires access to the GitHub Enterprise Server instance and Manag...
CVE-2024-2440
A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...
CVE-2024-1359
Summary: CVE-2024-1359 is a command injection vulnerability in GitHub Enterprise Server that allowed an attacker with the Management Console’s editor role to escalate to admin/root SSH access when configuring an HTTP proxy. Affected products/versions: all GitHub Enterprise Server versions prior t...
CVE-2024-1355
CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...
CVE-2024-1372
GitHub Enterprise Server suffers a command injection vulnerability that allows an attacker with the Management Console editor role to obtain admin SSH access during SAML configuration. Affected: all versions prior to 3.12; fixes are available in 3.11.5, 3.10.7, 3.9.10, and 3.8.15. The root cause ...
CVE-2024-1082
Summary: CVE-2024-1082 describes a path traversal in GitHub Enterprise Server that allows an attacker with page-site build permissions to read files via symbolic links in a crafted artifact tarball uploaded to GitHub Pages. Affected product/versions: GitHub Enterprise Server prior to 3.12. Fixed ...
CVE-2022-23739
CVE-2022-23739 concerns an incorrect authorization flaw in GitHub Enterprise Server that allowed a GitHub App to escalate privileges via GraphQL API requests. The issue could let an app installed in an organization access and modify most organization‑level resources not tied to a repository (e.g....
CVE-2024-1369
The CVE-2024-1369 issue is a command injection in GitHub Enterprise Server that lets an attacker with an editor role in the Management Console gain admin SSH access to the appliance when configuring collectd credentials. Affected products/versions: all before 3.12; fixed in 3.11.5, 3.10.7, 3.9.10...
CVE-2024-1374
CVE-2024-1374 : In GitHub Enterprise Server, a command-injection in the Management Console via nomad templates allowed an attacker with an editor role to escalate to admin SSH access to the appliance (root) when configuring audit log forwarding. Exploitation requires access to the GitHub Enterpri...
CVE-2024-1378
Summary: CVE-2024-1378 is a command injection vulnerability in GitHub Enterprise Server that lets an attacker with the Management Console editor role trigger admin SSH access via nomad templates when configuring SMTP options. Exploitation requires access to the affected GitHub Enterprise Server i...
CVE-2026-3854
CVE-2026-3854 describes an RCE vulnerability in GitHub Enterprise Server arising during git push option handling. An attacker with push access could abuse unsanitized user-supplied push option values that are incorporated into internal service headers; because the header format uses a delimiter t...
CVE-2022-23734
CVE-2022-23734 describes a deserialization of untrusted data vulnerability in GitHub Enterprise Server (SVNBridge) that could enable remote code execution via an SSRF-assisted data deserialization path. Affected versions are all pre-3.6; fixed in 3.5.3, 3.4.6, 3.3.11, and 3.2.16. The vulnerabilit...
CVE-2024-2469
CVE-2024-2469 affects GitHub Enterprise Server. An attacker with an Administrator role could achieve remote code execution that grants SSH root access. Affected versions include 3.8.0 and later; fixes were released in 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. Documented impact is SSH root access...
CVE-2022-46256
CVE-2022-46256 — GitHub Enterprise Server : A path traversal vulnerability allows remote code execution when building a GitHub Pages site. An attacker must have permission to create and build a Pages site on the instance. The issue affects GitHub Enterprise Server and is fixed in versions 3.3.17,...
CVE-2025-3124
CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldn’t access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...
CVE-2024-3684
CVE-2024-3684 describes a server-side request forgery in GitHub Enterprise Server that, when an attacker has an editor role in the Management Console, could grant admin access to the appliance during configuration of Artifacts & Logs and Migrations Storage. The vulnerability required access to th...
CVE-2024-2443
GitHub Enterprise Server has a command injection vulnerability in the Management Console GeoJSON configuration that could let an attacker with an editor role gain admin SSH access. Affected: all versions before 3.13. Fixed in 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. Remediation: upgrade to 3.1...
CVE-2021-22867
CVE-2021-22867 / CVE-2021-22868 (GitHub Enterprise Server) : Path traversal through GitHub Pages configuration options that are user-controlled, allowing reading files on the server during page builds. Affected versions: all before 3.1.3 (fixed in 3.1.3, 3.0.11, 2.22.17). Red Hat notes indicate t...
CVE-2024-3646
CVE-2024-3646 : A command injection vulnerability was identified in GitHub Enterprise Server that could let an attacker with an editor role in the Management Console obtain admin SSH access to the instance during chat integration configuration. Exploitation required access to the GitHub Enterpris...
CVE-2023-22381
CVE-2023-22381 is a code injection vulnerability in GitHub Enterprise Server that allows setting arbitrary environment variables via a single env var value in GitHub Actions when running on Windows. The root cause is the insecure handling of environment variables in the Actions workflow context, ...
CVE-2022-46258
CVE-2022-46258 describes an incorrect authorization in GitHub Enterprise Server where a repository-scoped token with read/write access could modify Action Workflow files without a Workflow scope. Affected: all versions before 3.7. Fixes were released in 3.3.16, 3.4.11, 3.5.8, and 3.6.4. Practical...
CVE-2023-23761
GitHub Enterprise Server faces an improper authentication vulnerability that could let an unauthorized actor modify other users’ secret gists by authenticating through an SSH certificate authority, provided the secret gist URL is known. Affected all versions before 3.9; fixes were released in 3.4...
CVE-2022-23737
Summary: CVE-2022-23737 is an improper privilege management vulnerability in GitHub Enterprise Server that allows users with insufficient privileges to create or delete pages via the API. An attacker would need to be added to an organization’s repository with write permissions to exploit it. The ...
CVE-2024-5746
CVE-2024-5746 describes a Server-Side Request Forgery in GitHub Enterprise Server that allowed an authenticated Site Administrator to achieve arbitrary code execution on the instance. Affected versions were all before 3.13, with fixes in 3.12.5, 3.11.11, 3.10.13, and 3.9.16. Public references fro...
CVE-2021-22865
Summary. CVE-2021-22865 is an improper access control vulnerability in GitHub Enterprise Server that allows access tokens generated from a GitHub App’s web authentication flow to read private repository metadata via the REST API without granted permissions. Prerequisites: an attacker must create ...
CVE-2021-41598
GitHub Enterprise Server vulnerability CVE-2021-41598 is a UI misrepresentation flaw in the GitHub App authorization flow. It can cause more permissions to be granted than the user sees during approval, specifically if the user later updates the repositories an app is installed on after additiona...
CVE-2022-23741
Summary : CVE-2022-23741 affects GitHub Enterprise Server. An incorrect authorization vulnerability allowed a scoped user-to-server token to escalate to full admin/owner privileges, requiring an admin to install a malicious GitHub App. The issue was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3....
CVE-2024-1084
GitHub Enterprise Server remote UI vulnerability CVE-2024-1084 is a Cross-site Scripting issue in the tag name pattern field of the tag protections UI. The flaw allows a malicious website, leveraging user interaction and social engineering, to change a user account via CSP bypass with created CSR...
CVE-2024-9539
CVE-2024-9539 affects GitHub Enterprise Server prior to 3.14, where an information-disclosure flaw allowed an attacker to retrieve a user’s metadata by triggering via an uploaded asset URL (involving malicious SVG files) and then craft phishing pages. The vulnerability is fixed in 3.14.2, and als...
CVE-2021-22868
GitHub Enterprise Server suffers a path traversal vulnerability in the GitHub Pages build flow. User-controlled Pages configuration could allow reading files on the server. An attacker must have permission to create and build a GitHub Pages site. Affected versions are all before fixes: 3.1.8, 3.0...
CVE-2023-23760
Summary: CVE-2023-23760 is a path traversal vulnerability in GitHub Enterprise Server that leads to remote code execution when building a GitHub Pages site. The attacker must have permission to create and build a GitHub Pages site on the target instance. Affected scope: GitHub Enterprise Server v...
CVE-2024-10001
GitHub Enterprise Server is affected by CVE-2024-10001. The vulnerability arises from an improper sequence of validation in the message handling function: the origin check occurs after accepting a user-controlled identity property, enabling a code injection via the query selector and exfiltration...
CVE-2024-0507
GitHub Enterprise Server CVE-2024-0507 is a privilege-escalation via command injection in the Management Console. An attacker with a Management Console editor role can escalate privileges by exploiting input handling in the console. Affected versions include all GHES releases prior to fixes; reme...
CVE-2024-10007
GitHub Enterprise Server CVE-2024-10007 is a path collision and arbitrary code execution flaw enabling container escape to root via ghe-firejail. Exploitation requires Enterprise Administrator access. Affected: all versions before 3.15. Remediations are to upgrade to fixed versions: 3.14.3, 3.13....
CVE-2021-22870
The CVE-2021-22870 issue affects GitHub Enterprise Server pages builds and is a path-traversal vulnerability that could allow an attacker with permission to create and build a GitHub Pages site to read system files. The vulnerability exists in all versions prior to 3.3 and was fixed in 3.0.19, 3....
CVE-2023-23766
CVE-2023-23766 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enabled commit smuggling by displaying an incorrect diff when re-opening a Pull Request. Exploitation would require write access to the repository. All versions prior to the fixed releases are affected...
CVE-2023-23762
CVE-2023-23762 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enables commit smuggling by displaying an incorrect diff. An attacker would need write access to a repository and must correctly guess the target branch before it’s created by the maintainer. The issue...
CVE-2025-6981
CVE-2025-6981 describes an incorrect authorization vulnerability in GitHub Enterprise Server that allowed unauthorized read access to internal repositories for contractor accounts when the Contractors API feature was enabled. The issue affected all versions prior to 3.18 and has been fixed in ver...
CVE-2024-1908
CVE-2024-1908 concerns GitHub Enterprise Server. The issue is an improper privilege management flaw that allowed an attacker with a non-default GitHub Connect setting and an account on the server to use the Enterprise Actions GitHub Connect download token to fetch private repository data. Affecte...
CVE-2026-8606
A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...
CVE-2025-8447
CVE-2025-8447 : GitHub Enterprise Server had an improper access-control issue enabling users with access to one repo to retrieve limited code from another repo by stacking a diff between repositories. An attacker needed the private-repo name and a branch/tag/commit SHA to trigger the compare/diff...
CVE-2026-8034
CVE-2026-8034 is a server-side request forgery (SSRF) vulnerability in the GitHub Enterprise Server notebook viewer. The issue stems from URL parser confusion between the validation layer and the HTTP request library, where hostname validation uses a different parser than the request library, all...
CVE-2026-7541
CVE-2026-7541 is a denial-of-service vulnerability in GitHub Enterprise Server. An unauthenticated attacker could trigger service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON bodies without siz...
CVE-2026-1355
GitHub Enterprise Server contains a Missing Authorization vulnerability in the repository migration upload endpoint. An authenticated attacker could supply a migration identifier to overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repo...
CVE-2026-3306
CVE-2026-3306 describes an improper authorization in GitHub Enterprise Server where a user with read access to a repository and write access to a project could modify issue and pull request metadata via the project without repository write permissions being verified during column value updates. T...