Lucene search
K
GithubEnterprise Server

5 matches found

CVE
CVE
added 2023/03/07 12:0 a.m.76 views

CVE-2022-46257

CVE-2022-46257 describes an information-disclosure vulnerability in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who lacked access to those repositories, causing repository names to appear in the UI. The attack would...

4.3CVSS4.2AI score0.00566EPSS
CVE
CVE
added 2024/03/20 11:9 p.m.71 views

CVE-2024-2748

CVE-2024-2748 is a Cross Site Request Forgery vulnerability affecting GitHub Enterprise Server 3.12.0 that could allow an attacker to perform unauthorized actions on behalf of a user. The underlying issue is a CSRF flaw that requires user interaction to exploit. GitHub fixed this in version 3.12....

4.3CVSS4.8AI score0.00189EPSS
CVE
CVE
added 2023/12/21 8:45 p.m.60 views

CVE-2023-51379

The CVE-2023-51379 issue concerns GitHub Enterprise Server where an incorrect authorization flaw allowed updating issue comments using an improperly scoped token. Affected products are GitHub Enterprise Server (versions 3.7 through 3.17.18, 3.8.x until 3.8.11, 3.9.x until 3.9.6, 3.10.x until 3.10...

4.9CVSS5AI score0.00611EPSS
CVE
CVE
added 2021/09/24 5:50 p.m.58 views

CVE-2021-22868

GitHub Enterprise Server suffers a path traversal vulnerability in the GitHub Pages build flow. User-controlled Pages configuration could allow reading files on the server. An attacker must have permission to create and build a GitHub Pages site. Affected versions are all before fixes: 3.1.8, 3.0...

4.3CVSS5.2AI score0.00899EPSS
CVE
CVE
added 2023/12/21 8:45 p.m.56 views

CVE-2023-51380

Summary: CVE-2023-51380 is an incorrect authorization vulnerability in GitHub Enterprise Server that allowed reading issue comments with an improperly scoped token. The issue affects all versions from 3.7 up to 3.11.x and is fixed by upgrading to 3.7.19, 3.8.12, 3.9.7, 3.10.4, or 3.11.1, respecti...

4.3CVSS4.2AI score0.00467EPSS