Latest github enterprise server Vulnerabilities

CVE-2023-23766
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would ...
GitHub Enterprise Server<3.6.17
GitHub Enterprise Server>=3.7.0<3.7.15
GitHub Enterprise Server>=3.8.0<3.8.8
GitHub Enterprise Server>=3.9.0<3.9.3
GitHub Enterprise Server=3.10.0
CVE-2023-23763
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was ...
GitHub Enterprise Server>=3.6.0<3.6.18
GitHub Enterprise Server>=3.7.0<3.7.16
GitHub Enterprise Server>=3.8.0<3.8.9
GitHub Enterprise Server>=3.9.0<3.9.4
CVE-2023-23765
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerabilit...
GitHub Enterprise Server>=3.6.0<3.6.16
GitHub Enterprise Server>=3.7.0<3.7.13
GitHub Enterprise Server>=3.8.0<3.8.6
GitHub Enterprise Server=3.9.0
CVE-2023-23764
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker ...
GitHub Enterprise Server>=3.7.0<3.7.9
GitHub Enterprise Server>=3.8.0<3.8.2
GitHub Enterprise Server=3.9.0
CVE-2023-23762
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the rep...
GitHub Enterprise Server<3.4.18
GitHub Enterprise Server>=3.5.0<3.5.15
GitHub Enterprise Server>=3.6.0<3.6.11
GitHub Enterprise Server>=3.7.0<3.7.8
GitHub Enterprise Server=3.8.0
CVE-2023-23761
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate ...
GitHub Enterprise Server<3.4.18
GitHub Enterprise Server>=3.5.0<3.5.15
GitHub Enterprise Server>=3.6.0<3.6.11
GitHub Enterprise Server>=3.7.0<3.7.8
GitHub Enterprise Server=3.8.0
CVE-2023-23760
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need pe...
GitHub Enterprise Server<3.4.17
GitHub Enterprise Server>=3.5.0<3.5.14
GitHub Enterprise Server>=3.6.0<3.6.10
GitHub Enterprise Server>=3.7.0<3.7.7
CVE-2022-46257
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have...
GitHub Enterprise Server>=3.3.0<3.3.17
GitHub Enterprise Server>=3.4.0<3.4.12
GitHub Enterprise Server>=3.5.0<3.5.9
GitHub Enterprise Server>=3.6.0<3.6.5
CVE-2023-22381
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a W...
GitHub Enterprise Server<3.4.15
GitHub Enterprise Server>=3.5.0<3.5.12
GitHub Enterprise Server>=3.6.0<3.6.8
GitHub Enterprise Server>=3.7.0<3.7.5
CVE-2023-22380
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need p...
GitHub Enterprise Server>=3.7.0<3.7.6
CVE-2022-23739
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i...
GitHub Enterprise Server<3.3.16
GitHub Enterprise Server>=3.4.0<3.4.11
GitHub Enterprise Server>=3.5.0<3.5.8
GitHub Enterprise Server>=3.6.0<3.6.4
GitHub Enterprise Server=3.7.0
CVE-2022-46258
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow sco...
GitHub Enterprise Server<3.3.16
GitHub Enterprise Server>=3.4.0<3.4.11
GitHub Enterprise Server>=3.5.0<3.5.8
GitHub Enterprise Server>=3.6.0<3.6.4
CVE-2022-23741
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an ...
GitHub Enterprise Server<3.3.17
GitHub Enterprise Server>=3.4.0<3.4.12
GitHub Enterprise Server>=3.5.0<3.5.9
GitHub Enterprise Server>=3.6.0<3.6.5
CVE-2022-46256
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need pe...
GitHub Enterprise Server<3.3.17
GitHub Enterprise Server>=3.4.0<3.4.12
GitHub Enterprise Server>=3.5.0<3.5.9
GitHub Enterprise Server>=3.6.0<3.6.5
GitHub Enterprise Server>=3.7.0<3.7.2
CVE-2022-46255
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the...
GitHub Enterprise Server=3.7.0
CVE-2022-23737
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerabili...
GitHub Enterprise Server<3.2.20
GitHub Enterprise Server>=3.3.0<3.3.15
GitHub Enterprise Server>=3.4.0<3.4.10
GitHub Enterprise Server>=3.5.0<3.5.7
GitHub Enterprise Server>=3.6.0<3.6.3
CVE-2022-23740
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an ...
GitHub Enterprise Server=3.7.0
CVE-2022-23738
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an ac...
GitHub Enterprise Server>=3.2.0<3.2.20
GitHub Enterprise Server>=3.3.0<3.3.15
GitHub Enterprise Server>=3.4.0<3.4.10
GitHub Enterprise Server>=3.5.0<3.5.7
GitHub Enterprise Server>=3.6.0<3.6.3
CVE-2022-23734
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an at...
GitHub Enterprise Server<3.2.16
GitHub Enterprise Server>=3.3.0<3.3.11
GitHub Enterprise Server>=3.4.0<3.4.6
GitHub Enterprise Server>=3.5.0<3.5.3
CVE-2022-23733
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vul...
GitHub Enterprise Server>=3.3.0<3.3.11
GitHub Enterprise Server>=3.4.0<3.4.6
GitHub Enterprise Server>=3.5.0<3.5.3
CVE-2022-23732
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploi...
GitHub Enterprise Server<3.1.19
GitHub Enterprise Server>=3.2.0<3.2.11
GitHub Enterprise Server>=3.3.0<3.3.6
GitHub Enterprise Server>=3.4.0<3.4.1
CVE-2021-41599
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permis...
GitHub Enterprise Server>=3.0.0<3.0.21
GitHub Enterprise Server>=3.1.0<3.1.13
GitHub Enterprise Server>=3.2.0<3.2.5
CVE-2021-41598
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the ...
GitHub Enterprise Server<3.0.21
GitHub Enterprise Server>=3.1.0<3.1.13
GitHub Enterprise Server>=3.2.0<3.2.5
CVE-2021-22870
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would nee...
GitHub Enterprise Server<3.0.19
GitHub Enterprise Server>=3.1.0<3.1.11
GitHub Enterprise Server>=3.2.0<3.2.3
CVE-2021-22869
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self...
GitHub Enterprise Server>=3.0.0<3.0.16
GitHub Enterprise Server>=3.1.0<3.1.8
CVE-2021-22868
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...
GitHub Enterprise Server<2.22.22
GitHub Enterprise Server>=3.0.0<3.0.16
GitHub Enterprise Server>=3.1.0<3.1.8
CVE-2021-22867
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...
GitHub Enterprise Server<2.22.17
GitHub Enterprise Server>=3.0.0<3.0.11
GitHub Enterprise Server>=3.1.0<3.1.3
CVE-2021-22866
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the ...
GitHub Enterprise Server>=2.20.0<2.22.13
GitHub Enterprise Server>=3.0.0<3.0.7
CVE-2021-22865
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata...
GitHub Enterprise Server<2.21.18
GitHub Enterprise Server>=2.22.0<2.22.10
GitHub Enterprise Server>=3.0.0<3.0.4
CVE-2021-22864
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages w...
GitHub Enterprise Server>=2.21.0<2.21.17
GitHub Enterprise Server>=2.22.0<2.22.9
GitHub Enterprise Server>=3.0.0<3.0.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2023 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203