Github

Enterprise Server

117 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.28%
  • Veröffentlicht 13.02.2024 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:50:24

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerab...

  • EPSS 0.77%
  • Veröffentlicht 13.02.2024 19:15:08
  • Zuletzt bearbeitet 21.11.2024 08:49:45

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. T...

  • EPSS 71.73%
  • Veröffentlicht 16.01.2024 19:15:08
  • Zuletzt bearbeitet 21.11.2024 08:46:03

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor ...

  • EPSS 65.8%
  • Veröffentlicht 16.01.2024 19:15:08
  • Zuletzt bearbeitet 21.11.2024 08:46:45

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and ...

  • EPSS 0.2%
  • Veröffentlicht 21.12.2023 21:15:15
  • Zuletzt bearbeitet 21.11.2024 08:44:35

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise ...

  • EPSS 0.82%
  • Veröffentlicht 21.12.2023 21:15:15
  • Zuletzt bearbeitet 21.11.2024 08:44:40

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise...

  • EPSS 0.33%
  • Veröffentlicht 21.12.2023 21:15:14
  • Zuletzt bearbeitet 21.11.2024 08:44:22

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise...

  • EPSS 0.51%
  • Veröffentlicht 21.12.2023 21:15:14
  • Zuletzt bearbeitet 16.12.2024 19:07:48

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To e...

  • EPSS 0.72%
  • Veröffentlicht 21.12.2023 21:15:14
  • Zuletzt bearbeitet 21.11.2024 08:44:35

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files...

  • EPSS 0.17%
  • Veröffentlicht 21.12.2023 21:15:14
  • Zuletzt bearbeitet 21.11.2024 08:44:35

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3....