Lucene search
+L
GithubEnterprise Server

16 matches found

CVE
CVE
added 2022/08/02 4:5 p.m.107 views

CVE-2022-23733

CVE-2022-23733 is a stored XSS vulnerability in GitHub Enterprise Server affecting all versions prior to 3.6. The issue allows injection of arbitrary attributes, with exploitation blocked by GitHub’s CSP. Remediation released in versions 3.3.11, 3.4.6, and 3.5.3. NVD metrics list CVSS 3.1 base sc...

5.4CVSS5.4AI score0.00495EPSS
CVE
CVE
added 2024/04/19 5:2 p.m.102 views

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

5.9CVSS6.6AI score0.00452EPSS
CVE
CVE
added 2022/11/01 12:0 a.m.85 views

CVE-2022-23738

CVE-2022-23738 affects GitHub Enterprise Server. The issue is an improper cache key vulnerability that could allow an unauthorized actor to access private repository files through a public repository, given the actor is already authorized on the server, can create a public repository, and a site ...

5.7CVSS5.4AI score0.00634EPSS
CVE
CVE
added 2023/12/21 8:45 p.m.85 views

CVE-2023-46646

CVE-2023-46646 describes improper access control in GitHub Enterprise Server: unauthorized users could view only private repository names via the Get a check run API endpoint, not repository content. Affected: GitHub Enterprise Server versions 3.7.0 and above. Fixed in multiple maintenance releas...

5.3CVSS5.2AI score0.0054EPSS
CVE
CVE
added 2025/04/17 10:50 p.m.74 views

CVE-2025-3124

CVE-2025-3124 concerns a missing authorization vulnerability in GitHub Enterprise Server that allowed a user to see the names of private repositories they otherwise wouldn’t access via the Security Overview in GitHub Advanced Security. The issue affected all versions prior to 3.17 and was fixed i...

5.3CVSS6.2AI score0.0041EPSS
CVE
CVE
added 2024/08/20 7:17 p.m.65 views

CVE-2024-7711

CVE-2024-7711 is an Incorrect Authorization vulnerability in GitHub Enterprise Server that allowed an attacker to update the title, assignees, and labels of any issue inside a public repository, and was exploitable only within public repos. Affected products: GitHub Enterprise Server versions bef...

5.3CVSS7AI score0.00495EPSS
CVE
CVE
added 2024/10/11 5:52 p.m.59 views

CVE-2024-9539

CVE-2024-9539 affects GitHub Enterprise Server prior to 3.14, where an information-disclosure flaw allowed an attacker to retrieve a user’s metadata by triggering via an uploaded asset URL (involving malicious SVG files) and then craft phishing pages. The vulnerability is fixed in 3.14.2, and als...

5.7CVSS6.6AI score0.00615EPSS
CVE
CVE
added 2023/09/01 2:23 p.m.54 views

CVE-2023-23763

CVE-2023-23763 (GitHub Enterprise Server) describes an authorization/sensitive information disclosure vulnerability where a fork could retain read access to an upstream repository after its visibility was set to private. Affected versions are all prior to 3.10.0. Fixed releases are 3.9.4, 3.8.9, ...

5.3CVSS4.8AI score0.00541EPSS
CVE
CVE
added 2023/12/21 8:45 p.m.46 views

CVE-2023-6803

GitHub Enterprise Server contains a race condition vulnerability that can permit an outside collaborator to be added while a repository is being transferred. Affected software: GitHub Enterprise Server (all versions since 3.8). Root cause: race condition during repository transfer. Impact: potent...

5.8CVSS4.4AI score0.00166EPSS
CVE
CVE
added 2025/07/15 8:44 p.m.37 views

CVE-2025-6981

CVE-2025-6981 describes an incorrect authorization vulnerability in GitHub Enterprise Server that allowed unauthorized read access to internal repositories for contractor accounts when the Contractors API feature was enabled. The issue affected all versions prior to 3.18 and has been fixed in ver...

5.3CVSS6.2AI score0.00254EPSS
CVE
CVE
added 2026/03/10 5:46 p.m.26 views

CVE-2026-3306

CVE-2026-3306 describes an improper authorization in GitHub Enterprise Server where a user with read access to a repository and write access to a project could modify issue and pull request metadata via the project without repository write permissions being verified during column value updates. T...

5.3CVSS5.7AI score0.00321EPSS
CVE
CVE
added 2026/04/21 10:23 p.m.26 views

CVE-2026-3307

GitHub Enterprise Server vulnerability CVE-2026-3307 allows an admin on one repository to modify the secret scanning push protection delegated bypass reviewers for another repository by changing the owner_id in the request body. Authorization is checked against the URL repository, but the action ...

5.3CVSS5.9AI score0.0027EPSS
CVE
CVE
added 2026/04/21 10:12 p.m.24 views

CVE-2026-5512

CVE-2026-5512 describes an improper authorization vulnerability in GitHub Enterprise Server where an authenticated attacker could determine private repository names by numeric ID via the mobile upload policy API endpoint. The issue arises from a failure to perform an early authorization check and...

5.3CVSS5.8AI score0.00296EPSS
CVE
CVE
added 2026/06/30 8:21 p.m.20 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.00176EPSS
CVE
CVE
added 2026/07/01 9:3 p.m.17 views

CVE-2026-14340

GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...

5.3CVSS5.8AI score0.00215EPSS
CVE
CVE
added 2026/03/10 6:56 p.m.16 views

CVE-2026-3582

CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...

5.3CVSS5.8AI score0.00248EPSS