Latest github enterprise server Vulnerabilities

CVE-2024-1378
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-1374
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-1372
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-1369
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-1359
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-1355
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-1354
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
GitHub Enterprise Server<3.8.15
GitHub Enterprise Server>=3.9.0<3.9.10
GitHub Enterprise Server>=3.10.0<3.10.7
GitHub Enterprise Server>=3.11.0<3.11.5
CVE-2024-0507
Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server
GitHub Enterprise Server<3.8.13
GitHub Enterprise Server>=3.9.0<3.9.8
GitHub Enterprise Server>=3.10.0<3.10.5
GitHub Enterprise Server>=3.11.0<3.11.3
CVE-2024-0200
Unsafe Reflection in Github Enterprise Server leading to Command Injection
GitHub Enterprise Server>=3.8.0<3.8.13
GitHub Enterprise Server>=3.9.0<3.9.8
GitHub Enterprise Server>=3.10.0<3.10.5
GitHub Enterprise Server>=3.11.0<3.11.3
CVE-2023-6847
Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-51380
Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server
GitHub Enterprise Server>=3.7.0<3.17.19
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-51379
Incorrect Authorization for Issue Comments in GitHub Enterprise Server
GitHub Enterprise Server>=3.7.0<3.17.19
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-46648
Insufficient Entropy in GitHub Enterprise Server Management Console Invitation Token
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-46649
Race Condition allows Administrative Access on Organization Repositories
GitHub Enterprise Server>=3.7.0<3.7.19
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-6804
Improper Privilege Management allows for arbitrary workflows to be run
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-6803
Race Condition allows Unauthorized Outside Collaborator
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-6802
Sensitive Information in Log File in GitHub Enterprise Server
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-46645
Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
GitHub Enterprise Server>=3.7.0<3.7.19
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
CVE-2023-6746
Sensitive Information in Log File in GitHub Enterprise Server
GitHub Enterprise Server>=3.7.0<3.17.19
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-6690
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the trans...
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
GitHub Enterprise Server=3.11.0
CVE-2023-46647
Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.6
GitHub Enterprise Server>=3.10.0<3.10.3
CVE-2023-46646
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow ...
GitHub Enterprise Server>=3.7.0<3.17.19
GitHub Enterprise Server>=3.8.0<3.8.12
GitHub Enterprise Server>=3.9.0<3.9.7
GitHub Enterprise Server>=3.10.0<3.10.4
CVE-2023-23766
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would ...
GitHub Enterprise Server<3.6.17
GitHub Enterprise Server>=3.7.0<3.7.15
GitHub Enterprise Server>=3.8.0<3.8.8
GitHub Enterprise Server>=3.9.0<3.9.3
GitHub Enterprise Server=3.10.0
CVE-2023-23763
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was ...
GitHub Enterprise Server>=3.6.0<3.6.18
GitHub Enterprise Server>=3.7.0<3.7.16
GitHub Enterprise Server>=3.8.0<3.8.9
GitHub Enterprise Server>=3.9.0<3.9.4
CVE-2023-23765
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerabilit...
GitHub Enterprise Server>=3.6.0<3.6.16
GitHub Enterprise Server>=3.7.0<3.7.13
GitHub Enterprise Server>=3.8.0<3.8.6
GitHub Enterprise Server=3.9.0
CVE-2023-23764
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker ...
GitHub Enterprise Server>=3.7.0<3.7.9
GitHub Enterprise Server>=3.8.0<3.8.2
GitHub Enterprise Server=3.9.0
CVE-2023-23762
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the rep...
GitHub Enterprise Server<3.4.18
GitHub Enterprise Server>=3.5.0<3.5.15
GitHub Enterprise Server>=3.6.0<3.6.11
GitHub Enterprise Server>=3.7.0<3.7.8
GitHub Enterprise Server=3.8.0
CVE-2023-23761
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate ...
GitHub Enterprise Server<3.4.18
GitHub Enterprise Server>=3.5.0<3.5.15
GitHub Enterprise Server>=3.6.0<3.6.11
GitHub Enterprise Server>=3.7.0<3.7.8
GitHub Enterprise Server=3.8.0
CVE-2023-23760
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need pe...
GitHub Enterprise Server<3.4.17
GitHub Enterprise Server>=3.5.0<3.5.14
GitHub Enterprise Server>=3.6.0<3.6.10
GitHub Enterprise Server>=3.7.0<3.7.7
CVE-2022-46257
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have...
GitHub Enterprise Server>=3.3.0<3.3.17
GitHub Enterprise Server>=3.4.0<3.4.12
GitHub Enterprise Server>=3.5.0<3.5.9
GitHub Enterprise Server>=3.6.0<3.6.5
CVE-2023-22381
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a W...
GitHub Enterprise Server<3.4.15
GitHub Enterprise Server>=3.5.0<3.5.12
GitHub Enterprise Server>=3.6.0<3.6.8
GitHub Enterprise Server>=3.7.0<3.7.5
CVE-2023-22380
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need p...
GitHub Enterprise Server>=3.7.0<3.7.6
CVE-2022-23739
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i...
GitHub Enterprise Server<3.3.16
GitHub Enterprise Server>=3.4.0<3.4.11
GitHub Enterprise Server>=3.5.0<3.5.8
GitHub Enterprise Server>=3.6.0<3.6.4
GitHub Enterprise Server=3.7.0
CVE-2022-46258
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow sco...
GitHub Enterprise Server<3.3.16
GitHub Enterprise Server>=3.4.0<3.4.11
GitHub Enterprise Server>=3.5.0<3.5.8
GitHub Enterprise Server>=3.6.0<3.6.4
CVE-2022-23741
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an ...
GitHub Enterprise Server<3.3.17
GitHub Enterprise Server>=3.4.0<3.4.12
GitHub Enterprise Server>=3.5.0<3.5.9
GitHub Enterprise Server>=3.6.0<3.6.5
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the...
GitHub Enterprise Server=3.7.0
CVE-2022-46256
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need pe...
GitHub Enterprise Server<3.3.17
GitHub Enterprise Server>=3.4.0<3.4.12
GitHub Enterprise Server>=3.5.0<3.5.9
GitHub Enterprise Server>=3.6.0<3.6.5
GitHub Enterprise Server>=3.7.0<3.7.2
CVE-2022-23737
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerabili...
GitHub Enterprise Server<3.2.20
GitHub Enterprise Server>=3.3.0<3.3.15
GitHub Enterprise Server>=3.4.0<3.4.10
GitHub Enterprise Server>=3.5.0<3.5.7
GitHub Enterprise Server>=3.6.0<3.6.3
CVE-2022-23740
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an ...
GitHub Enterprise Server=3.7.0
CVE-2022-23738
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an ac...
GitHub Enterprise Server>=3.2.0<3.2.20
GitHub Enterprise Server>=3.3.0<3.3.15
GitHub Enterprise Server>=3.4.0<3.4.10
GitHub Enterprise Server>=3.5.0<3.5.7
GitHub Enterprise Server>=3.6.0<3.6.3
CVE-2022-23734
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an at...
GitHub Enterprise Server<3.2.16
GitHub Enterprise Server>=3.3.0<3.3.11
GitHub Enterprise Server>=3.4.0<3.4.6
GitHub Enterprise Server>=3.5.0<3.5.3
CVE-2022-23733
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vul...
GitHub Enterprise Server>=3.3.0<3.3.11
GitHub Enterprise Server>=3.4.0<3.4.6
GitHub Enterprise Server>=3.5.0<3.5.3
CVE-2022-23732
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploi...
GitHub Enterprise Server<3.1.19
GitHub Enterprise Server>=3.2.0<3.2.11
GitHub Enterprise Server>=3.3.0<3.3.6
GitHub Enterprise Server>=3.4.0<3.4.1
CVE-2021-41599
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permis...
GitHub Enterprise Server>=3.0.0<3.0.21
GitHub Enterprise Server>=3.1.0<3.1.13
GitHub Enterprise Server>=3.2.0<3.2.5
CVE-2021-41598
GitHub Enterprise Server<3.0.21
GitHub Enterprise Server>=3.1.0<3.1.13
GitHub Enterprise Server>=3.2.0<3.2.5
CVE-2021-22870
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would nee...
GitHub Enterprise Server<3.0.19
GitHub Enterprise Server>=3.1.0<3.1.11
GitHub Enterprise Server>=3.2.0<3.2.3
CVE-2021-22869
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self...
GitHub Enterprise Server>=3.0.0<3.0.16
GitHub Enterprise Server>=3.1.0<3.1.8
CVE-2021-22868
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...
GitHub Enterprise Server<2.22.22
GitHub Enterprise Server>=3.0.0<3.0.16
GitHub Enterprise Server>=3.1.0<3.1.8
CVE-2021-22867
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...
GitHub Enterprise Server<2.22.17
GitHub Enterprise Server>=3.0.0<3.0.11
GitHub Enterprise Server>=3.1.0<3.1.3
CVE-2021-22866
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the ...
GitHub Enterprise Server>=2.20.0<2.22.13
GitHub Enterprise Server>=3.0.0<3.0.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203