5 matches found
CVE-2022-46257
CVE-2022-46257 describes an information-disclosure vulnerability in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who lacked access to those repositories, causing repository names to appear in the UI. The attack would...
CVE-2024-2748
CVE-2024-2748 is a Cross Site Request Forgery vulnerability affecting GitHub Enterprise Server 3.12.0 that could allow an attacker to perform unauthorized actions on behalf of a user. The underlying issue is a CSRF flaw that requires user interaction to exploit. GitHub fixed this in version 3.12....
CVE-2023-51379
The CVE-2023-51379 issue concerns GitHub Enterprise Server where an incorrect authorization flaw allowed updating issue comments using an improperly scoped token. Affected products are GitHub Enterprise Server (versions 3.7 through 3.17.18, 3.8.x until 3.8.11, 3.9.x until 3.9.6, 3.10.x until 3.10...
CVE-2021-22868
GitHub Enterprise Server suffers a path traversal vulnerability in the GitHub Pages build flow. User-controlled Pages configuration could allow reading files on the server. An attacker must have permission to create and build a GitHub Pages site. Affected versions are all before fixes: 3.1.8, 3.0...
CVE-2023-51380
Summary: CVE-2023-51380 is an incorrect authorization vulnerability in GitHub Enterprise Server that allowed reading issue comments with an improperly scoped token. The issue affects all versions from 3.7 up to 3.11.x and is fixed by upgrading to 3.7.19, 3.8.12, 3.9.7, 3.10.4, or 3.11.1, respecti...