Github

Enterprise Server

90 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-3470

  • EPSS 0.04%
  • Published 19.04.2024 15:15:51
  • Last modified 02.09.2025 19:12:13

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy...

6.5

CVE-2024-1908

  • EPSS 0.16%
  • Published 21.03.2024 02:51:48
  • Last modified 02.09.2025 13:46:35

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on t...

4.3

CVE-2024-2748

  • EPSS 0.25%
  • Published 21.03.2024 00:15:09
  • Last modified 02.09.2025 14:07:47

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerabi...

7.2

CVE-2024-2469

  • EPSS 0.9%
  • Published 20.03.2024 23:15:07
  • Last modified 04.09.2025 15:18:52

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.1...

7.2

CVE-2024-2443

  • EPSS 0.27%
  • Published 20.03.2024 23:15:07
  • Last modified 04.09.2025 15:50:25

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vuln...

6.5

CVE-2024-1482

  • EPSS 0.08%
  • Published 14.02.2024 20:15:45
  • Last modified 23.01.2025 19:53:54

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit t...

9.1

CVE-2024-1378

  • EPSS 1.13%
  • Published 13.02.2024 19:15:10
  • Last modified 21.11.2024 08:50:26

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitat...

9.1

CVE-2024-1374

  • EPSS 2.8%
  • Published 13.02.2024 19:15:10
  • Last modified 21.11.2024 08:50:26

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. E...

9.1

CVE-2024-1372

  • EPSS 0.49%
  • Published 13.02.2024 19:15:10
  • Last modified 21.11.2024 08:50:26

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnera...

9.1

CVE-2024-1369

  • EPSS 0.58%
  • Published 13.02.2024 19:15:10
  • Last modified 21.11.2024 08:50:25

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configur...