Lucene search
+L
GithubEnterprise Server

17 matches found

cve
cve
added 2025/04/17 10:50 p.m.1115 views

CVE-2025-3509

CVE-2025-3509 affects GitHub Enterprise Server prior to 3.18 and is a Remote Code Execution in the pre-receive hook. The root cause involves using dynamically allocated ports that become temporarily available during specific operational conditions (e.g., hot patch upgrades), creating an exploitab...

7.2CVSS7.9AI score0.01234EPSS
cve
cve
added 2023/12/21 8:46 p.m.79 views

CVE-2023-6847

Summary: CVE-2023-6847 is an improper authentication vulnerability in GitHub Enterprise Server that allows bypassing Private Mode via a specially crafted API request. This could enable access to data restricted by Private Mode. Affected versions are GitHub Enterprise Server 3.9 and later up to 3....

7.5CVSS7.6AI score0.00815EPSS
cve
cve
added 2024/04/19 2:17 p.m.76 views

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

7.2CVSS6.8AI score0.00587EPSS
cve
cve
added 2023/04/07 6:41 p.m.66 views

CVE-2023-23761

GitHub Enterprise Server faces an improper authentication vulnerability that could let an unauthorized actor modify other users’ secret gists by authenticating through an SSH certificate authority, provided the secret gist URL is known. Affected all versions before 3.9; fixes were released in 3.4...

7.7CVSS5.6AI score0.00462EPSS
cve
cve
added 2022/12/14 12:0 a.m.65 views

CVE-2022-23741

Summary : CVE-2022-23741 affects GitHub Enterprise Server. An incorrect authorization vulnerability allowed a scoped user-to-server token to escalate to full admin/owner privileges, requiring an admin to install a malicious GitHub App. The issue was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3....

7.2CVSS7AI score0.01097EPSS
cve
cve
added 2024/06/20 9:31 p.m.65 views

CVE-2024-5746

CVE-2024-5746 describes a Server-Side Request Forgery in GitHub Enterprise Server that allowed an authenticated Site Administrator to achieve arbitrary code execution on the instance. Affected versions were all before 3.13, with fixes in 3.12.5, 3.11.11, 3.10.13, and 3.9.16. Public references fro...

7.6CVSS7.8AI score0.00861EPSS
cve
cve
added 2024/07/16 9:26 p.m.65 views

CVE-2024-5795

CVE-2024-5795 is a Denial of Service vulnerability in GitHub Enterprise Server causing unbounded resource exhaustion when a large payload is sent to the Git server. Affected: all versions prior to 3.14. Impact: potential unavailability due to resource exhaustion. Remediation: upgrade to one of th...

7.7CVSS6.8AI score0.00557EPSS
cve
cve
added 2025/01/29 6:24 p.m.60 views

CVE-2024-10001

GitHub Enterprise Server is affected by CVE-2024-10001. The vulnerability arises from an improper sequence of validation in the message handling function: the origin check occurs after accepting a user-controlled identity property, enabling a code injection via the query selector and exfiltration...

7.1CVSS7.2AI score0.00371EPSS
cve
cve
added 2023/12/21 8:45 p.m.59 views

CVE-2023-6802

CVE-2023-6802 describes an information-in-logs vulnerability in GitHub Enterprise Server where sensitive data could be inserted into the audit log, potentially allowing access to the management console. Affected product: GitHub Enterprise Server (all versions since 3.8). Root cause: insertion of ...

7.2CVSS6.7AI score0.00719EPSS
cve
cve
added 2023/12/21 8:45 p.m.55 views

CVE-2023-46649

CVE-2023-46649 describes a race condition in GitHub Enterprise Server that could allow an attacker with admin privileges to gain further access during the conversion of a user to an organization. The issue affects all GitHub Enterprise Server versions from 3.7 onward and could be exploited to obt...

7CVSS6.3AI score0.00174EPSS
cve
cve
added 2023/07/27 8:45 p.m.54 views

CVE-2023-23764

CVE-2023-23764 affects GitHub Enterprise Server (versions 3.7.0 and later) with an incorrect comparison in the PR UI that could enable commit smuggling by displaying an incorrect diff. Exploitation requires write access to the target repository. Affected versions were fixed in 3.7.9, 3.8.2, and 3...

7.1CVSS5.8AI score0.00469EPSS
cve
cve
added 2026/05/26 11:59 p.m.51 views

CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

7CVSS5.8AI score0.00386EPSS
cve
cve
added 2024/02/14 8:4 p.m.42 views

CVE-2024-1482

CVE-2024-1482 describes an incorrect authorization flaw in GitHub Enterprise Server that could let an attacker with access to the server create new branches in public repositories and run arbitrary GitHub Actions workflows using the GITHUB_TOKEN. Affected versions: all after 3.8 and before 3.12. ...

7.1CVSS6.9AI score0.00422EPSS
cve
cve
added 2025/08/26 1:42 a.m.28 views

CVE-2025-8447

CVE-2025-8447 : GitHub Enterprise Server had an improper access-control issue enabling users with access to one repo to retrieve limited code from another repo by stacking a diff between repositories. An attacker needed the private-repo name and a branch/tag/commit SHA to trigger the compare/diff...

7CVSS7.1AI score0.00283EPSS
cve
cve
added 2026/02/18 8:44 p.m.19 views

CVE-2026-1999

CVE-2026-1999 affects GitHub Enterprise Server and is an incorrect authorization vulnerability in the enable_auto_merge mutation for pull requests. An attacker could merge their own PR into a repository without push access under specific conditions: the repository must allow forking, a clean PR s...

7.1CVSS5.9AI score0.00235EPSS
cve
cve
added 2025/11/10 10:44 p.m.17 views

CVE-2025-11578

CVE-2025-11578 is a privilege-escalation vulnerability in GitHub Enterprise Server. An authenticated Enterprise admin could abuse a symlink escape in pre-receive hook environments to replace system binaries during hook cleanup and inject their SSH key into root’s authorized_keys, enabling root SS...

7.5CVSS6.9AI score0.00645EPSS
cve
cve
added 2026/03/10 6:55 p.m.11 views

CVE-2026-2266

CVE-2026-2266 : In GitHub Enterprise Server, there is a DOM-based cross-site scripting vulnerability caused by improper neutralization of input in the task list content rendering. Authenticated users can craft malicious task list items in issues or pull requests to inject user-supplied HTML and e...

7.4CVSS5.9AI score0.00176EPSS