Lucene search

K
GithubEnterprise Server3.11.0

10 matches found

CVE
CVE
added 2023/12/21 9:15 p.m.64 views

CVE-2023-6690

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in ...

3.9CVSS4AI score0.00088EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.63 views

CVE-2023-6847

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. Thi...

7.5CVSS7.6AI score0.00119EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.43 views

CVE-2023-6802

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a ba...

7.2CVSS6.7AI score0.0003EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.42 views

CVE-2023-51380

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11...

4.3CVSS4.2AI score0.0017EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.39 views

CVE-2023-51379

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permission...

4.9CVSS5AI score0.00138EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.39 views

CVE-2023-6746

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the l...

8.1CVSS5.4AI score0.00181EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.34 views

CVE-2023-46649

A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, ...

7CVSS6.3AI score0.00147EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.32 views

CVE-2023-6803

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

5.8CVSS4.4AI score0.00095EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.28 views

CVE-2023-6804

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12,...

6.5CVSS5.9AI score0.00077EPSS
CVE
CVE
added 2023/12/21 9:15 p.m.26 views

CVE-2023-46648

An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability af...

8.3CVSS7.6AI score0.01027EPSS