30 matches found
CVE-2024-1082
Summary: CVE-2024-1082 describes a path traversal in GitHub Enterprise Server that allows an attacker with page-site build permissions to read files via symbolic links in a crafted artifact tarball uploaded to GitHub Pages. Affected product/versions: GitHub Enterprise Server prior to 3.12. Fixed ...
CVE-2024-5815
CVE-2024-5815 is a Cross-Site Request Forgery in GitHub Enterprise Server that permits write operations on a victim-owned repository when an attacker who is a trusted GHE user induces the victim to visit a tag in the attacker’s fork. The issue affects all GitHub Enterprise Server versions prior t...
CVE-2021-22867
CVE-2021-22867 / CVE-2021-22868 (GitHub Enterprise Server) : Path traversal through GitHub Pages configuration options that are user-controlled, allowing reading files on the server during page builds. Affected versions: all before 3.1.3 (fixed in 3.1.3, 3.0.11, 2.22.17). Red Hat notes indicate t...
CVE-2022-46258
CVE-2022-46258 describes an incorrect authorization in GitHub Enterprise Server where a repository-scoped token with read/write access could modify Action Workflow files without a Workflow scope. Affected: all versions before 3.7. Fixes were released in 3.3.16, 3.4.11, 3.5.8, and 3.6.4. Practical...
CVE-2023-22380
CVE-2023-22380 describes a path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. The issue affects all versions of GitHub Enterprise Server since 3.7 and is due to a flaw in the file-path handling during Page builds, enabli...
CVE-2022-23737
Summary: CVE-2022-23737 is an improper privilege management vulnerability in GitHub Enterprise Server that allows users with insufficient privileges to create or delete pages via the API. An attacker would need to be added to an organization’s repository with write permissions to exploit it. The ...
CVE-2024-6336
CVE-2024-6336 describes a security misconfiguration in GitHub Enterprise Server where sensitive information could be disclosed to unauthorized users by exploiting the organization ruleset feature. An organization member could change the visibility of a dependent repository from private to public,...
CVE-2024-1084
GitHub Enterprise Server remote UI vulnerability CVE-2024-1084 is a Cross-site Scripting issue in the tag name pattern field of the tag protections UI. The flaw allows a malicious website, leveraging user interaction and social engineering, to change a user account via CSP bypass with created CSR...
CVE-2021-22865
Summary. CVE-2021-22865 is an improper access control vulnerability in GitHub Enterprise Server that allows access tokens generated from a GitHub App’s web authentication flow to read private repository metadata via the REST API without granted permissions. Prerequisites: an attacker must create ...
CVE-2024-5566
CVE-2024-5566 affects GitHub Enterprise Server prior to 3.14, where an improper privilege management issue allowed migration of private repositories without sufficient Personal Access Token scopes. The root cause is insufficient access control during repository migration, enabling unintended cont...
CVE-2024-10824
CVE-2024-10824 affects GitHub Enterprise Server versions after 3.13.0 but before 3.14.0. The root cause is an authorization bypass that allowed organization members with a personal access token to access secret scanning alert data intended only for business owners, provided secret scanning was en...
CVE-2024-5816
CVE-2024-5816 – GitHub Enterprise Server : An Incorrect Authorization flaw allows a suspended GitHub App to retain access to repositories via a scoped user access token. Impact is limited to public repositories; private repos are not affected. Affected: all GitHub Enterprise Server versions prior...
CVE-2024-6337
CVE-2024-6337 affects GitHub Enterprise Server. A flawed authorization allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repo. The issue is exploitable via a user access token; installation access tokens were not impacted...
CVE-2024-6395
CVE-2024-6395 (GitHub Enterprise Server) exposes a sensitive-information issue that allows an attacker to enumerate the names of private repositories using deploy keys, but does not disclose repository contents. Affected: GitHub Enterprise Server versions prior to 3.14. The root cause, per multip...
CVE-2024-8263
CVE-2024-8263 describes an improper privilege management vulnerability in GitHub Enterprise Server that allows arbitrary workflows to be committed via an improperly scoped Personal Access Token (PAT) when nested tags are used. Affected product: GitHub Enterprise Server (all versions prior to the ...
CVE-2023-23766
CVE-2023-23766 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enabled commit smuggling by displaying an incorrect diff when re-opening a Pull Request. Exploitation would require write access to the repository. All versions prior to the fixed releases are affected...
CVE-2021-22870
The CVE-2021-22870 issue affects GitHub Enterprise Server pages builds and is a path-traversal vulnerability that could allow an attacker with permission to create and build a GitHub Pages site to read system files. The vulnerability exists in all versions prior to 3.3 and was fixed in 3.0.19, 3....
CVE-2023-46645
CVE-2023-46645 describes a path traversal vulnerability in GitHub Enterprise Server that enables arbitrary file reading when building a GitHub Pages site. The attacker must have permission to create and build a GitHub Pages site on the affected server. Affected versions include all releases since...
CVE-2024-5817
GitHub Enterprise Server (GES) security advisory CVE-2024-5817 describes an Incorrect Authorization flaw that allowed read access to issue content via GitHub Projects. Affected: all GES versions prior to 3.14. The vulnerability required attacker access to the corresponding internal project board ...
CVE-2024-8770
CVE-2024-8770 describes a Cross-Site Scripting (XSS) vulnerability in the repository transfer feature of GitHub Enterprise Server. The issue affected all versions prior to the fixed releases and allowed attackers to steal sensitive user information via social engineering. Fixes were released in G...
CVE-2023-23762
CVE-2023-23762 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enables commit smuggling by displaying an incorrect diff. An attacker would need write access to a repository and must correctly guess the target branch before it’s created by the maintainer. The issue...
CVE-2023-23765
CVE-2023-23765 concerns GitHub Enterprise Server. The issue is an incorrect comparison vulnerability that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. The exploitation condition requires the attacker to have write access to the affected repository. The avai...
CVE-2023-6804
CVE-2023-6804 (GitHub Enterprise Server) : Improper privilege management allows arbitrary workflows to be committed and run using an improperly scoped Personal Access Token, provided a workflow already exists in the target repo. Affected: GitHub Enterprise Server versions 3.8–3.11.x (before fixes...
CVE-2025-6600
This CVE affects GitHub Enterprise Server v3.17. The issue is an information-disclosure where a user-to-server token with no scopes, used via the Search API, could disclose private repository names within an organization. Exploitation required an organization administrator to install a malicious ...
CVE-2024-1908
CVE-2024-1908 concerns GitHub Enterprise Server. The issue is an improper privilege management flaw that allowed an attacker with a non-default GitHub Connect setting and an account on the server to use the Enterprise Actions GitHub Connect download token to fetch private repository data. Affecte...
CVE-2026-10585
CVE-2026-10585 describes a stored XSS in GitHub Enterprise Server where an authenticated attacker could execute JavaScript in another user’s browser by injecting a crafted payload into a Discussion title in the Q&A category. The vulnerability stems from the AnsweredQuestionStructuredDataComponent...
CVE-2026-1355
GitHub Enterprise Server contains a Missing Authorization vulnerability in the repository migration upload endpoint. An authenticated attacker could supply a migration identifier to overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repo...
CVE-2026-8106
CVE-2026-8106 describes a reflected HTML injection in the GitHub Enterprise Server Management Console login page. The vulnerability lies in the redirect_to query parameter on the /setup/unlock endpoint, which is reflected into an HTML attribute without proper sanitization. An attacker could entic...
CVE-2026-9132
CVE-2026-9132 describes a missing authorization flaw in GitHub Enterprise Server where an authenticated user could read source code from private repositories via the Copilot pull request description diff summary endpoint. The vulnerability allowed a user with read access to at least one repositor...
CVE-2026-6736
CVE-2026-6736 describes an authentication bypass in GitHub Enterprise Server (GHES) : when external authentication is enabled, the signup endpoint could create a local user account and establish a session without validating the external identity provider. This unauthenticated access required netw...