Vulnerabilites related to github - enterprise_server
cve-2021-22870
Vulnerability from cvelistv5
Published
2021-11-10 01:55
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.19 Version: 3.1 < 3.1.11 Version: 3.2 < 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.11",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T01:55:11",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22870",
"STATE": "PUBLIC",
"TITLE": "Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.19"
},
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.11"
},
{
"version_affected": "\u003c",
"version_name": "3.2",
"version_value": "3.2.3"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.19",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.19"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.11",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.11"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.3",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22870",
"datePublished": "2021-11-10T01:55:11",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1369
Vulnerability from cvelistv5
Published
2024-02-13 18:53
Modified
2024-08-27 19:10
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:19.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_server",
"vendor": "github",
"versions": [
{
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T17:45:49.992406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T19:10:24.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen setting the username and password for \u003c/span\u003e\u003ccode\u003ecollectd\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configurations\u003c/span\u003e\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://bounty.github.com\"\u003eGitHub Bug Bounty program\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd\u00a0configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:41:40.053Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1369",
"datePublished": "2024-02-13T18:53:29.406Z",
"dateReserved": "2024-02-08T19:47:36.522Z",
"dateUpdated": "2024-08-27T19:10:24.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23766
Vulnerability from cvelistv5
Published
2023-09-22 14:18
Modified
2024-09-24 14:29
Severity ?
EPSS score ?
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.6.0 ≤ Version: 3.7.0 ≤ Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:25.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:16:47.459010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:29:38.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.6.17",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.7.15",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"lessThan": "3.8.8",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.3",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.10.1",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-amibitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1\u003c/span\u003e. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T14:18:49.735Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17"
},
{
"url": "https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15"
},
{
"url": "https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8"
},
{
"url": "https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3"
},
{
"url": "https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23766",
"datePublished": "2023-09-22T14:18:49.735Z",
"dateReserved": "2023-01-17T20:40:37.555Z",
"dateUpdated": "2024-09-24T14:29:38.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46648
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.8.12",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.7",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.10.4",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThan": "3.11.1",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Imre Rad"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:45.845Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient Entropy in GitHub Enterprise Server Management Console Invitation Token",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-46648",
"datePublished": "2023-12-21T20:45:45.845Z",
"dateReserved": "2023-10-24T13:41:13.390Z",
"dateUpdated": "2024-08-02T20:53:20.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23734
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.2 < 3.2.16 Version: 3.3 < 3.3.11 Version: 3.4 < 3.4.6 Version: 3.5 < 3.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.2.16",
"status": "affected",
"version": "3.2",
"versionType": "custom"
},
{
"lessThan": "3.3.11",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Chapman"
}
],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502\tDeserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-19T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23734",
"datePublished": "2022-10-19T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1359
Vulnerability from cvelistv5
Published
2024-02-13 18:52
Modified
2024-08-01 18:33
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ 3.8.14 Version: 3.9.0 ≤ 3.9.9 Version: 3.10.0 ≤ 3.10.6 Version: 3.11.0 ≤ 3.11.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.9",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.6",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.4",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R31n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://bounty.github.com\"\u003eGitHub Bug Bounty program\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:29:24.410Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1359",
"datePublished": "2024-02-13T18:52:27.176Z",
"dateReserved": "2024-02-08T18:18:47.038Z",
"dateUpdated": "2024-08-01T18:33:25.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6746
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 ≤ 3.7.18 Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.7.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.18",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u0026nbsp;This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u0026nbsp;"
}
],
"value": "An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T15:55:16.814Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Sensitive Information in Log File in GitHub Enterprise Server ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6746",
"datePublished": "2023-12-21T20:45:23.261Z",
"dateReserved": "2023-12-12T17:17:59.803Z",
"dateUpdated": "2024-08-02T08:42:07.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22866
Vulnerability from cvelistv5
Published
2021-05-14 21:10
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.7 Version: 2.22 < 2.22.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.7",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "2.22.13",
"status": "affected",
"version": "2.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaibhav Singh (vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T21:10:12",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22866",
"STATE": "PUBLIC",
"TITLE": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.7"
},
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.13"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaibhav Singh (vaib25vicky)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.7",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.7"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.13",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.13"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22866",
"datePublished": "2021-05-14T21:10:12",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5815
Vulnerability from cvelistv5
Published
2024-07-16 21:26
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.9.0 ≤ 3.9.16 Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T20:44:57.534814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T20:48:10.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:02.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eA Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker\u0027s fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\n\n\n This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker\u0027s fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\n\n\n This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/S:N/AU:N/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:26:57.404Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-5815",
"datePublished": "2024-07-16T21:26:57.404Z",
"dateReserved": "2024-06-10T20:08:13.175Z",
"dateUpdated": "2024-08-01T21:25:02.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51380
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 ≤ 3.7.18 Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.7.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.18",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Douglas Day"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token.\u0026nbsp;This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u0026nbsp;"
}
],
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T19:02:55.607Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-51380",
"datePublished": "2023-12-21T20:45:48.028Z",
"dateReserved": "2023-12-18T17:47:35.907Z",
"dateUpdated": "2024-08-02T22:32:09.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23765
Vulnerability from cvelistv5
Published
2023-08-30 22:33
Modified
2024-09-27 14:22
Severity ?
EPSS score ?
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.6.0 ≤ Version: 3.7.0 ≤ Version: 3.8.0 ≤ Version: 3.9.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:26.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23765",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T13:09:29.716760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T14:22:23.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.6.16",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.7.13",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"lessThan": "3.8.6",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.1",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-amibitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://bounty.github.com/\"\u003eGitHub Bug Bounty Program\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-02T19:44:56.785Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23765",
"datePublished": "2023-08-30T22:33:40.932Z",
"dateReserved": "2023-01-17T20:40:37.555Z",
"dateUpdated": "2024-09-27T14:22:23.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6803
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8 ≤ 3.8.11 Version: 3.9 ≤ 3.9.6 Version: 3.10 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \u003cbr\u003e"
}
],
"value": "A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:27.233Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race Condition allows Unauthorized Outside Collaborator",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6803",
"datePublished": "2023-12-21T20:45:27.233Z",
"dateReserved": "2023-12-13T19:26:45.922Z",
"dateUpdated": "2024-08-02T08:42:07.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5566
Vulnerability from cvelistv5
Published
2024-07-16 21:26
Modified
2024-08-01 21:18
Severity ?
EPSS score ?
Summary
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.9.0 ≤ 3.9.16 Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T18:06:32.677272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T19:47:55.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ganesh Kumar (iamgk808)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\u003cbr\u003e"
}
],
"value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:26:46.902Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management allows for access to unauthorized repository content during migration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-5566",
"datePublished": "2024-07-16T21:26:46.902Z",
"dateReserved": "2024-05-31T15:02:06.763Z",
"dateUpdated": "2024-08-01T21:18:06.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23732
Vulnerability from cvelistv5
Published
2022-04-05 00:10
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.1 < 3.1.19 Version: 3.2 < 3.2.11 Version: 3.3 < 3.3.6 Version: 3.4 < 3.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.1.19",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.2.11",
"status": "affected",
"version": "3.2",
"versionType": "custom"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.1",
"status": "affected",
"version": "3.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "bitquark"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23, CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T00:10:11",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2022-23732",
"STATE": "PUBLIC",
"TITLE": "Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.19"
},
{
"version_affected": "\u003c",
"version_name": "3.2",
"version_value": "3.2.11"
},
{
"version_affected": "\u003c",
"version_name": "3.3",
"version_value": "3.3.6"
},
{
"version_affected": "\u003c",
"version_name": "3.4",
"version_value": "3.4.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "bitquark"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23, CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.19",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.19"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.11",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.11"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.6",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.6"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.1",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.1"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23732",
"datePublished": "2022-04-05T00:10:11",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51379
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 ≤ 3.7.18 Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.7.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.18",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Douglas Day"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u0026nbsp;"
}
],
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:46.269Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect Authorization for Issue Comments in GitHub Enterprise Server ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-51379",
"datePublished": "2023-12-21T20:45:46.269Z",
"dateReserved": "2023-12-18T17:47:35.907Z",
"dateUpdated": "2024-08-02T22:32:09.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1354
Vulnerability from cvelistv5
Published
2024-02-13 18:50
Modified
2024-08-01 18:33
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `\u003c/span\u003e\u003ccode\u003esyslog-ng`\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configuration file\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng`\u00a0configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:40:40.697Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1354",
"datePublished": "2024-02-13T18:50:44.852Z",
"dateReserved": "2024-02-08T17:57:02.476Z",
"dateUpdated": "2024-08-01T18:33:25.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8263
Vulnerability from cvelistv5
Published
2024-09-23 20:12
Modified
2024-09-23 20:36
Severity ?
EPSS score ?
Summary
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.14 ≤ 3.14.0 Version: 3.13.0 ≤ 3.13.3 Version: 3.12.0 ≤ 3.12.8 Version: 3.11.0 ≤ 3.11.14 Version: 3.10.0 ≤ 3.10.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T20:36:29.135789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T20:36:38.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.14.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.0",
"status": "affected",
"version": "3.14",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.3",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.8",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.16",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "syvb"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eAn improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u0026nbsp;This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T20:12:51.005Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-8263",
"datePublished": "2024-09-23T20:12:51.005Z",
"dateReserved": "2024-08-28T13:59:08.440Z",
"dateUpdated": "2024-09-23T20:36:38.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23738
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.2 < 3.2.20 Version: 3.3 < 3.3.15 Version: 3.4 < 3.4.10 Version: 3.5 < 3.5.7 Version: 3.6 < 3.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.2.20",
"status": "affected",
"version": "3.2",
"versionType": "custom"
},
{
"lessThan": "3.3.15",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.7",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.3",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-01T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23738",
"datePublished": "2022-11-01T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6802
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-09-13 14:55
Severity ?
EPSS score ?
Summary
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T16:11:11.467171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:55:25.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified\u0026nbsp;that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u0026nbsp;This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u0026nbsp;"
}
],
"value": "An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified\u00a0that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:24.749Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Sensitive Information in Log File in GitHub Enterprise Server ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6802",
"datePublished": "2023-12-21T20:45:24.749Z",
"dateReserved": "2023-12-13T19:25:56.875Z",
"dateUpdated": "2024-09-13T14:55:25.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1482
Vulnerability from cvelistv5
Published
2024-02-14 20:04
Modified
2024-08-01 18:40
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T19:52:09.794469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:04.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.9",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.6",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.4",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T20:04:47.981Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1482",
"datePublished": "2024-02-14T20:04:47.981Z",
"dateReserved": "2024-02-13T20:04:24.216Z",
"dateUpdated": "2024-08-01T18:40:21.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8770
Vulnerability from cvelistv5
Published
2024-09-23 20:09
Modified
2024-09-23 20:37
Severity ?
EPSS score ?
Summary
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.14 ≤ 3.14.0 Version: 3.13.0 ≤ 3.13.3 Version: 3.12.0 ≤ 3.12.8 Version: 3.11.0 ≤ 3.11.14 Version: 3.10.0 ≤ 3.10.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T20:36:55.783557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T20:37:07.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.14.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.0",
"status": "affected",
"version": "3.14",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.3",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.8",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.16",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "R31n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.\u00a0This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T20:09:01.746Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-8770",
"datePublished": "2024-09-23T20:09:01.746Z",
"dateReserved": "2024-09-12T22:04:09.227Z",
"dateUpdated": "2024-09-23T20:37:07.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22868
Vulnerability from cvelistv5
Published
2021-09-24 17:50
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.22 < 2.22.22 Version: 3.0 < 3.0.16 Version: 3.1 < 3.1.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.22.22",
"status": "affected",
"version": "2.22",
"versionType": "custom"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.8",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T17:50:16",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22868",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.22"
},
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.16"
},
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.8"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.22",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.22"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22868",
"datePublished": "2021-09-24T17:50:16",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22864
Vulnerability from cvelistv5
Published
2021-03-23 21:40
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.21 < 2.21.17 Version: 2.22 < 2.22.9 Version: 3.0 < 3.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.21.17",
"status": "affected",
"version": "2.21",
"versionType": "custom"
},
{
"lessThan": "2.22.9",
"status": "affected",
"version": "2.22",
"versionType": "custom"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T21:40:12",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22864",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.17"
},
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.9"
},
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.17",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.17"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.9",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.9"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.3",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22864",
"datePublished": "2021-03-23T21:40:12",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6847
Vulnerability from cvelistv5
Published
2023-12-21 20:46
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.9.7",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.10.4",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThan": "3.11.1",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:46:07.362Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6847",
"datePublished": "2023-12-21T20:46:07.362Z",
"dateReserved": "2023-12-15T16:07:50.990Z",
"dateUpdated": "2024-08-02T08:42:07.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23741
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.3 < 3.3.17 Version: 3.4 < 3.4.12 Version: 3.5 < 3.5.9 Version: 3.6 < 3.6.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.12",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.9",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.5",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaibhav Singh (@vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23741",
"datePublished": "2022-12-14T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9539
Vulnerability from cvelistv5
Published
2024-10-11 17:52
Modified
2024-10-11 18:43
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.14.0 ≤ 3.14.1 Version: 3.13.0 ≤ 3.13.4 Version: 3.12.0 ≤ 3.12.9 Version: 3.11.0 ≤ 3.11.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T18:43:33.374629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:43:42.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.14.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "P\u0103un Luca"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:52:35.386Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-9539",
"datePublished": "2024-10-11T17:52:35.386Z",
"dateReserved": "2024-10-04T18:06:12.657Z",
"dateUpdated": "2024-10-11T18:43:42.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23764
Vulnerability from cvelistv5
Published
2023-07-27 20:45
Modified
2024-10-16 20:11
Severity ?
EPSS score ?
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 Version: 3.8.0 Version: 3.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:25.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T20:07:33.344012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T20:11:49.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.7.9",
"status": "affected",
"version": "3.7.0",
"versionType": "3.7.9"
},
{
"lessThan": "3.8.2",
"status": "affected",
"version": "3.8.0",
"versionType": "3.8.2"
},
{
"lessThan": "3.9.1",
"status": "affected",
"version": "3.9.0",
"versionType": "3.9.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T20:45:19.973Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23764",
"datePublished": "2023-07-27T20:45:19.973Z",
"dateReserved": "2023-01-17T20:40:37.554Z",
"dateUpdated": "2024-10-16T20:11:49.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23760
Vulnerability from cvelistv5
Published
2023-03-08 18:43
Modified
2025-02-28 19:48
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.4.0 ≤ 3.4.16 Version: 3.5.0 ≤ 3.5.13 Version: 3.6.0 ≤ 3.6.9 Version: 3.7.0 ≤ 3.7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:25.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:48:16.112790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:48:30.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.4.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.16",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.5.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.13",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.6.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.9",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.7.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.6",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/p\u003e\n\n\n"
}
],
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-08T18:43:51.187Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.17"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal in GitHub Enterprise Server leading to remote code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23760",
"datePublished": "2023-03-08T18:43:51.187Z",
"dateReserved": "2023-01-17T20:40:37.553Z",
"dateUpdated": "2025-02-28T19:48:30.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1082
Vulnerability from cvelistv5
Published
2024-02-13 18:47
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eattacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball\u003c/span\u003e. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance\u003c/span\u003e. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an\u00a0attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:39:56.533Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file read with a specially crafted GitHub Pages artifact upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1082",
"datePublished": "2024-02-13T18:47:10.591Z",
"dateReserved": "2024-01-30T19:17:02.516Z",
"dateUpdated": "2024-08-01T18:26:30.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0507
Vulnerability from cvelistv5
Published
2024-01-16 18:51
Modified
2024-10-22 15:50
Severity ?
EPSS score ?
Summary
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ 3.8.12 Version: 3.9.0 ≤ 3.9.7 Version: 3.10.0 ≤ 3.10.4 Version: 3.11.0 ≤ 3.11.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:34.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_server",
"vendor": "github",
"versions": [
{
"lessThanOrEqual": "3.8.12",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.9.7",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.10.4",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T15:45:43.280692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:50:55.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThanOrEqual": "3.8.12",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.9.7",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.10.4",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Imre Rad"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"value": "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T18:51:28.374Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-0507",
"datePublished": "2024-01-16T18:51:28.374Z",
"dateReserved": "2024-01-12T15:20:54.402Z",
"dateUpdated": "2024-10-22T15:50:55.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-46258
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.3 < 3.3.16 Version: 3.4 < 3.4.11 Version: 3.5 < 3.5.8 Version: 3.6 < 3.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.16",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.11",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.8",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Ilgayev"
},
{
"lang": "en",
"value": "Vaibhav Singh (@vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-46258",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-11-28T00:00:00",
"dateUpdated": "2024-08-03T14:31:45.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6804
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-11-27 18:41
Severity ?
EPSS score ?
Summary
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T18:41:13.375322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T18:41:27.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:34.098Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management allows for arbitrary workflows to be run",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6804",
"datePublished": "2023-12-21T20:45:34.098Z",
"dateReserved": "2023-12-13T19:26:47.233Z",
"dateUpdated": "2024-11-27T18:41:27.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22867
Vulnerability from cvelistv5
Published
2021-07-14 20:55
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.22 < 2.22.17 Version: 3.0 < 3.0.11 Version: 3.1 < 3.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.22.17",
"status": "affected",
"version": "2.22",
"versionType": "custom"
},
{
"lessThan": "3.0.11",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.3",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T20:55:11",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22867",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.17"
},
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.11"
},
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.3"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.17",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.17"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.11",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.11"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.3",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22867",
"datePublished": "2021-07-14T20:55:12",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-46255
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.7 < 3.7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:44.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.7.1",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-46255",
"datePublished": "2022-12-14T00:00:00",
"dateReserved": "2022-11-28T00:00:00",
"dateUpdated": "2024-08-03T14:31:44.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-46256
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.3 < 3.3.17 Version: 3.4 < 3.4.12 Version: 3.5 < 3.5.9 Version: 3.6 < 3.6.5 Version: 3.7 < 3.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:44.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.12",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.9",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.5",
"status": "affected",
"version": "3.6",
"versionType": "custom"
},
{
"lessThan": "3.7.2",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-46256",
"datePublished": "2022-12-14T00:00:00",
"dateReserved": "2022-11-28T00:00:00",
"dateUpdated": "2024-08-03T14:31:44.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0200
Vulnerability from cvelistv5
Published
2024-01-16 18:50
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_server",
"vendor": "github",
"versions": [
{
"status": "affected",
"version": "3.8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T16:25:02.384808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:31.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.8.13",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.8",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.10.5",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThan": "3.11.3",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ngo Wei Lin of STAR Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u0026nbsp;could lead to the execution of user-controlled methods and remote code execution. To\u0026nbsp;exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-138",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-138 Reflection Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T18:50:48.931Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe Reflection in Github Enterprise Server leading to Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-0200",
"datePublished": "2024-01-16T18:50:48.931Z",
"dateReserved": "2024-01-02T19:47:57.924Z",
"dateUpdated": "2024-08-01T17:41:16.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46647
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.5 Version: 3.10.0 ≤ 3.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.5",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.11.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Imre Rad"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.\u003c/span\u003e"
}
],
"value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:17.664Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-46647",
"datePublished": "2023-12-21T20:45:17.664Z",
"dateReserved": "2023-10-24T13:41:13.389Z",
"dateUpdated": "2024-08-02T20:53:20.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46645
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-09-13 14:56
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 ≤ Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T14:55:48.835180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:56:06.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.7.19",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"lessThan": "3.8.12",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.7",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.8.4",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThan": "3.11.1",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:23.178Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-46645",
"datePublished": "2023-12-21T20:45:23.178Z",
"dateReserved": "2023-10-24T13:41:13.389Z",
"dateUpdated": "2024-09-13T14:56:06.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5816
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 Version: 3.9.0 ≤ 3.9.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T15:13:57.496747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T15:14:00.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:02.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003esuspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:27:00.491Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper authorization allows persistent access in GitHub Enterprise Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-5816",
"datePublished": "2024-07-16T21:27:00.491Z",
"dateReserved": "2024-06-10T20:14:52.022Z",
"dateUpdated": "2024-08-01T21:25:02.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6336
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:33
Severity ?
EPSS score ?
Summary
A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 Version: 3.9.0 ≤ 3.9.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T15:38:56.968094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T15:39:07.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Omar El Latif"
},
{
"lang": "en",
"type": "finder",
"value": "Giovanni Guido"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Francesco Sardella"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Valenza"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eA Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:N/R:U/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:27:07.393Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-6336",
"datePublished": "2024-07-16T21:27:07.393Z",
"dateReserved": "2024-06-25T20:18:21.890Z",
"dateUpdated": "2024-08-01T21:33:05.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6690
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 08:35
Severity ?
EPSS score ?
Summary
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8 ≤ 3.8.11 Version: 3.9 ≤ 3.9.6 Version: 3.10 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:19.285Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6690",
"datePublished": "2023-12-21T20:45:19.285Z",
"dateReserved": "2023-12-11T17:06:22.719Z",
"dateUpdated": "2024-08-02T08:35:14.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22865
Vulnerability from cvelistv5
Published
2021-04-02 17:25
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.4 Version: 2.22 < 2.22.10 Version: 2.21 < 2.21.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "2.22.10",
"status": "affected",
"version": "2.22",
"versionType": "custom"
},
{
"lessThan": "2.21.18",
"status": "affected",
"version": "2.21",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "djcruz93"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App\u0027s web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T17:25:14",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22865",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.4"
},
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.10"
},
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.18"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "djcruz93"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App\u0027s web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.4",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.4"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.10",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.10"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.18",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.18"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22865",
"datePublished": "2021-04-02T17:25:14",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7711
Vulnerability from cvelistv5
Published
2024-08-20 19:17
Modified
2024-08-20 19:46
Severity ?
EPSS score ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.11.0 ≤ 3.11.13 Version: 3.12.0 ≤ 3.12.7 Version: 3.13.0 ≤ 3.13.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T19:46:19.440056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T19:46:55.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.11.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T19:17:37.776Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-7711",
"datePublished": "2024-08-20T19:17:37.776Z",
"dateReserved": "2024-08-12T18:11:15.883Z",
"dateUpdated": "2024-08-20T19:46:55.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41599
Vulnerability from cvelistv5
Published
2022-02-17 23:35
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.21 Version: 3.1 < 3.1.13 Version: 3.2 < 3.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.21",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.13",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77, CWE-691, CWE-459",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T23:35:12",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-41599",
"STATE": "PUBLIC",
"TITLE": "Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.21"
},
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.13"
},
{
"version_affected": "\u003c",
"version_name": "3.2",
"version_value": "3.2.5"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77, CWE-691, CWE-459"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-41599",
"datePublished": "2022-02-17T23:35:12",
"dateReserved": "2021-09-24T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23739
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.3 < 3.3.16 Version: 3.4 < 3.4.11 Version: 3.5 < 3.5.8 Version: 3.6 < 3.6.4 Version: 3.7 < 3.7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.16",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.11",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.8",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "3.6",
"versionType": "custom"
},
{
"lessThan": "3.7.1",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23739",
"datePublished": "2023-01-17T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6395
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:41
Severity ?
EPSS score ?
Summary
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 Version: 3.9.0 ≤ 3.9.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T14:16:45.561581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T14:16:58.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability did not allow unauthorized access to any repository content besides the name. \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/V:C/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:27:10.901Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-6395",
"datePublished": "2024-07-16T21:27:10.901Z",
"dateReserved": "2024-06-27T17:43:52.407Z",
"dateUpdated": "2024-08-01T21:41:03.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23733
Vulnerability from cvelistv5
Published
2022-08-02 16:05
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.3 < 3.3.11 Version: 3.4 < 3.4.6 Version: 3.5 < 3.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.11",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "None"
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github\u0027s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS) - Stored",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T16:05:14",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2022-23733",
"STATE": "PUBLIC",
"TITLE": "Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.3",
"version_value": "3.3.11"
},
{
"version_affected": "\u003c",
"version_name": "3.4",
"version_value": "3.4.6"
},
{
"version_affected": "\u003c",
"version_name": "3.5",
"version_value": "3.5.3"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "None"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github\u0027s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS) - Stored"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23733",
"datePublished": "2022-08-02T16:05:14",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5795
Vulnerability from cvelistv5
Published
2024-07-16 21:26
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.9.0 ≤ 3.9.16 Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:58:44.001087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:40:29.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:01.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:26:54.243Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed resource exhaustion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-5795",
"datePublished": "2024-07-16T21:26:54.243Z",
"dateReserved": "2024-06-10T15:12:00.887Z",
"dateUpdated": "2024-08-01T21:25:01.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22869
Vulnerability from cvelistv5
Published
2021-09-24 17:50
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.16 Version: 3.1 < 3.1.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.8",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-24T17:50:10",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22869",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.16"
},
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.8"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22869",
"datePublished": "2021-09-24T17:50:10",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23740
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.7 < 3.7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.7.1",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23740",
"datePublished": "2022-11-23T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1374
Vulnerability from cvelistv5
Published
2024-02-13 18:54
Modified
2024-08-01 18:40
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:20.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;nomad templates when configuring audit log forwarding\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://bounty.github.com\"\u003eGitHub Bug Bounty program\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:42:21.060Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1374",
"datePublished": "2024-02-13T18:54:18.668Z",
"dateReserved": "2024-02-08T20:05:31.488Z",
"dateUpdated": "2024-08-01T18:40:20.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9487
Vulnerability from cvelistv5
Published
2024-10-10 21:08
Modified
2024-10-11 15:34
Severity ?
EPSS score ?
Summary
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.11.0 ≤ 3.11.15 Version: 3.12.0 ≤ 3.12.9 Version: 3.13.0 ≤ 3.13.4 Version: 3.14.0 ≤ 3.14.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "enterprise_server",
"vendor": "github",
"versions": [
{
"lessThanOrEqual": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T15:31:52.132151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:34:07.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.11.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.15",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.14.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SecureSAML.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T21:08:48.720Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-9487",
"datePublished": "2024-10-10T21:08:48.720Z",
"dateReserved": "2024-10-03T17:35:13.960Z",
"dateUpdated": "2024-10-11T15:34:07.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46649
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 ≤ 3.7.18 Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 Version: 3.11 ≤ 3.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.7.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.18",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user.\u0026nbsp;This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u0026nbsp;"
}
],
"value": "A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
}
],
"impacts": [
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:43.763Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Race Condition allows Administrative Access on Organization Repositories",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-46649",
"datePublished": "2023-12-21T20:45:43.763Z",
"dateReserved": "2023-10-24T13:41:13.390Z",
"dateUpdated": "2024-08-02T20:53:20.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41598
Vulnerability from cvelistv5
Published
2022-01-25 19:45
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.21 Version: 3.1 < 3.1.13 Version: 3.2 < 3.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.21",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.13",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaibhav Singh (vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:45:12",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-41598",
"STATE": "PUBLIC",
"TITLE": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.21"
},
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.13"
},
{
"version_affected": "\u003c",
"version_name": "3.2",
"version_value": "3.2.5"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaibhav Singh (vaib25vicky)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-41598",
"datePublished": "2022-01-25T19:45:12",
"dateReserved": "2021-09-24T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1084
Vulnerability from cvelistv5
Published
2024-02-13 18:44
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8 ≤ 3.8.14 Version: 3.9 ≤ 3.9.9 Version: 3.10 ≤ 3.10.6 Version: 3.11 ≤ 3.11.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T20:50:39.100882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:00:12.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.8",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.9",
"status": "affected",
"version": "3.9",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.6",
"status": "affected",
"version": "3.10",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.4",
"status": "affected",
"version": "3.11",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Johan Carlsson (https://twitter.com/joaxcar)"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Roshan Kudave (https://twitter.com/ROSHANKUDAVE3)"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sudhanshu Rajbhar (https://twitter.com/sudhanshur705)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site Scripting in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etag name pat\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003etern field in the tag protections UI\u003c/span\u003e in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;CSRF tokens. T\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003ehis vulnerability affected all versions of GitHub Enterprise Server prior to 3.12\u0026nbsp; and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Cross-site Scripting in the\u00a0tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created\u00a0CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12\u00a0 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T18:44:05.830Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1084",
"datePublished": "2024-02-13T18:44:05.830Z",
"dateReserved": "2024-01-30T19:51:33.108Z",
"dateUpdated": "2024-08-01T18:26:30.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22380
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.7 < 3.7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.7.6",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-22380",
"datePublished": "2023-02-16T00:00:00",
"dateReserved": "2022-12-20T00:00:00",
"dateUpdated": "2024-08-02T10:07:06.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46646
Vulnerability from cvelistv5
Published
2023-12-21 20:45
Modified
2024-11-27 18:41
Severity ?
EPSS score ?
Summary
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.7.0 ≤ 3.7.18 Version: 3.8.0 ≤ 3.8.11 Version: 3.9.0 ≤ 3.9.6 Version: 3.10.0 ≤ 3.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T18:41:46.489139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T18:41:53.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.7.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.18",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.11.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the \"Get a check run\" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name.\u0026nbsp;\u003c/span\u003eThis vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0."
}
],
"value": "Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the \"Get a check run\" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name.\u00a0This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:15.264Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-46646",
"datePublished": "2023-12-21T20:45:15.264Z",
"dateReserved": "2023-10-24T13:41:13.389Z",
"dateUpdated": "2024-11-27T18:41:53.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1372
Vulnerability from cvelistv5
Published
2024-02-13 18:54
Modified
2024-08-01 18:40
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:19.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "R31n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen configuring SAML settings\u003c/span\u003e\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://bounty.github.com\"\u003eGitHub Bug Bounty program\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:41:59.912Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1372",
"datePublished": "2024-02-13T18:54:03.413Z",
"dateReserved": "2024-02-08T20:00:50.531Z",
"dateUpdated": "2024-08-01T18:40:19.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23763
Vulnerability from cvelistv5
Published
2023-09-01 14:23
Modified
2024-10-01 14:23
Severity ?
EPSS score ?
Summary
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.6.0 ≤ Version: 3.7.0 ≤ Version: 3.8.0 ≤ Version: 3.9.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:25.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:23:08.297111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:23:19.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.6.18",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.7.16",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"lessThan": "3.8.9",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"lessThan": "3.9.4",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to \u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eretain read access to an upstream repository after its visibility was changed to private\u003c/span\u003e. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-01T14:54:47.228Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information disclosure in GitHub Enterprise Server leading to private repository leakage",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23763",
"datePublished": "2023-09-01T14:23:42.930Z",
"dateReserved": "2023-01-17T20:40:37.553Z",
"dateUpdated": "2024-10-01T14:23:19.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6337
Vulnerability from cvelistv5
Published
2024-08-20 19:19
Modified
2024-08-21 13:43
Severity ?
EPSS score ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.10.0 ≤ 3.10.15 Version: 3.11.0 ≤ 3.11.14 Version: 3.12.0 ≤ 3.12.7 Version: 3.13.0 ≤ 3.13.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:27:35.698833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T13:43:00.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.10.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "VAIBHAV SINGH (@vaib25vicky)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only \u003cb\u003econtent: read\u003c/b\u003e and \u003cb\u003epull_request_write: write\u003c/b\u003e permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T19:19:49.193Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization allows read access to issues in GitHub Enterprise Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-6337",
"datePublished": "2024-08-20T19:19:49.193Z",
"dateReserved": "2024-06-25T21:20:27.045Z",
"dateUpdated": "2024-08-21T13:43:00.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1355
Vulnerability from cvelistv5
Published
2024-02-13 18:51
Modified
2024-08-01 18:33
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003ccode\u003eactions-console\u003c/code\u003e\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;docker container while setting a service URL\u003c/span\u003e\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console\u00a0docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:41:02.070Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1355",
"datePublished": "2024-02-13T18:51:14.254Z",
"dateReserved": "2024-02-08T18:10:53.185Z",
"dateUpdated": "2024-08-01T18:33:25.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1378
Vulnerability from cvelistv5
Published
2024-02-13 18:54
Modified
2024-08-16 19:08
Severity ?
EPSS score ?
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.8.0 ≤ Version: 3.9.0 ≤ Version: 3.10.0 ≤ Version: 3.11.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:19.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_server",
"vendor": "github",
"versions": [
{
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "custom"
},
{
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:05:06.867697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:08:04.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.15",
"status": "unaffected"
}
],
"lessThan": "3.8.15",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.10",
"status": "unaffected"
}
],
"lessThan": "3.9.10",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.7",
"status": "unaffected"
}
],
"lessThan": "3.10.7",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.5",
"status": "unaffected"
}
],
"lessThan": "3.11.5",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Inspector-ambitious"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003enomad templates when configuring SMTP options\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://bounty.github.com\"\u003eGitHub Bug Bounty program\u003c/a\u003e.\u003cbr\u003e"
}
],
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T15:42:37.329Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-1378",
"datePublished": "2024-02-13T18:54:29.943Z",
"dateReserved": "2024-02-08T20:17:03.221Z",
"dateUpdated": "2024-08-16T19:08:04.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23761
Vulnerability from cvelistv5
Published
2023-04-07 18:41
Modified
2025-02-07 20:14
Severity ?
EPSS score ?
Summary
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.4.0 ≤ 3.4.17 Version: 3.5.0 ≤ 3.5.14 Version: 3.6.0 ≤ 3.6.10 Version: 3.7.0 ≤ 3.7.7 Version: 3.8.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:26.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:14:19.322772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:14:26.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.4.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.17",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.5.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.14",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.6.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.10",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.7.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.7",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.1",
"status": "unaffected"
}
],
"lessThan": "3.8.1",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users\u0027 secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0027\u003c/span\u003es URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users\u0027 secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist\u0027s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T15:00:56.300Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23761",
"datePublished": "2023-04-07T18:41:47.038Z",
"dateReserved": "2023-01-17T20:40:37.553Z",
"dateUpdated": "2025-02-07T20:14:26.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22381
Vulnerability from cvelistv5
Published
2023-03-02 20:54
Modified
2025-03-05 20:05
Severity ?
EPSS score ?
Summary
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.4.0 ≤ 3.4.14 Version: 3.5.0 ≤ 3.5.11 Version: 3.6.0 ≤ 3.6.7 Version: 3.7.0 ≤ 3.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.5"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T20:04:54.716662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T20:05:02.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.4.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.14",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.5.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.11",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.6.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.7",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.7.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.4",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "RyotaK"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/p\u003e\n\n\n"
}
],
"value": "A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-77",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-77 Manipulating User-Controlled Variables"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T20:54:34.191Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.5"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-22381",
"datePublished": "2023-03-02T20:54:34.191Z",
"dateReserved": "2022-12-20T16:09:19.318Z",
"dateUpdated": "2025-03-05T20:05:02.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-46257
Vulnerability from cvelistv5
Published
2023-03-07 00:00
Modified
2025-03-06 14:52
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.3 < 3.3.17 Version: 3.4 < 3.4.12 Version: 3.5 < 3.5.9 Version: 3.6 < 3.6.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T14:52:28.943417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T14:52:44.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.3.17",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.12",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.9",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.5",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anthony Bouvet (Kuromatae)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-07T00:00:00.000Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-46257",
"datePublished": "2023-03-07T00:00:00.000Z",
"dateReserved": "2022-11-28T00:00:00.000Z",
"dateUpdated": "2025-03-06T14:52:44.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5817
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.10.0 ≤ 3.10.13 Version: 3.11.0 ≤ 3.11.11 Version: 3.12.0 ≤ 3.12.5 Version: 3.13 ≤ 3.13.0 Version: 3.9.0 ≤ 3.9.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T19:30:47.419487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:31:17.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:02.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.10.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.13",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.5",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "3.13",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.16",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eAn Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:27:03.820Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper authorization allows read access to issue content in GitHub Enterprise Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-5817",
"datePublished": "2024-07-16T21:27:03.820Z",
"dateReserved": "2024-06-10T20:16:49.004Z",
"dateUpdated": "2024-08-01T21:25:02.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6800
Vulnerability from cvelistv5
Published
2024-08-20 19:21
Modified
2024-08-22 14:18
Severity ?
EPSS score ?
Summary
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.13.0 ≤ 3.13.2 Version: 3.12.0 ≤ 3.12.7 Version: 3.11.0 ≤ 3.11.13 Version: 3.10.0 ≤ 3.10.15 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_server",
"vendor": "github",
"versions": [
{
"status": "unaffected",
"version": "3.13.3"
},
{
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.12.8"
},
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.11.14"
},
{
"lessThanOrEqual": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.10.16"
},
{
"lessThanOrEqual": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T03:55:16.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.13.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euser with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e"
}
],
"value": "An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:18:09.305Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2024-6800",
"datePublished": "2024-08-20T19:21:31.409Z",
"dateReserved": "2024-07-16T19:05:26.418Z",
"dateUpdated": "2024-08-22T14:18:09.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23737
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.2 < 3.2.20 Version: 3.3 < 3.3.15 Version: 3.4 < 3.4.10 Version: 3.5 < 3.5.7 Version: 3.6 < 3.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.2.20",
"status": "affected",
"version": "3.2",
"versionType": "custom"
},
{
"lessThan": "3.3.15",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "3.4",
"versionType": "custom"
},
{
"lessThan": "3.5.7",
"status": "affected",
"version": "3.5",
"versionType": "custom"
},
{
"lessThan": "3.6.3",
"status": "affected",
"version": "3.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ali Shehab and Ali Kalout"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization\u0027s repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-01T00:00:00",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion"
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2022-23737",
"datePublished": "2022-12-01T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23762
Vulnerability from cvelistv5
Published
2023-04-07 18:41
Modified
2025-02-10 15:20
Severity ?
EPSS score ?
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | Enterprise Server |
Version: 3.4.0 ≤ 3.4.17 Version: 3.5.0 ≤ 3.5.14 Version: 3.6.0 ≤ 3.6.10 Version: 3.7.0 ≤ 3.7.7 Version: 3.8.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:25.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:19:59.621391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:20:05.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.4.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.17",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.5.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.14",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.6.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6.10",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.7.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.7",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.1",
"status": "unaffected"
}
],
"lessThan": "3.8.1",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it\u2019s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it\u2019s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-148",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-148 Content Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697 Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-07T18:41:52.689Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-23762",
"datePublished": "2023-04-07T18:41:52.689Z",
"dateReserved": "2023-01-17T20:40:37.553Z",
"dateUpdated": "2025-02-10T15:20:05.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console\u00a0docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en la Consola de administraci\u00f3n obtener acceso SSH de administrador al dispositivo a trav\u00e9s del contenedor acoplable de la consola de acciones mientras configuraba una URL de servicio. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-1355",
"lastModified": "2024-11-21T08:50:23.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:09.647",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:49
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting in the\u00a0tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created\u00a0CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12\u00a0 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
},
{
"lang": "es",
"value": "Cross-Site Scripting en el campo de patr\u00f3n de nombre de etiqueta en la interfaz de usuario de protecci\u00f3n de etiquetas en GitHub Enterprise Server permiten que un sitio web malicioso que requiere interacci\u00f3n del usuario e ingenier\u00eda social realice cambios en una cuenta de usuario a trav\u00e9s de la omisi\u00f3n de CSP con tokens CSRF creados. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en todas las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-1084",
"lastModified": "2024-11-21T08:49:45.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:09.053",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo al configurar los ajustes de SAML. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"id": "CVE-2024-1372",
"lastModified": "2024-11-21T08:50:26.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:10.217",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-27 21:15
Modified
2024-11-21 07:46
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99AFFB09-BA21-408F-9327-D77B302BC6A2",
"versionEndExcluding": "3.7.9",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C134E36E-CE2C-4AE4-9EE7-3C70D6DCCF0F",
"versionEndExcluding": "3.8.2",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC0199E-78C5-4423-97D8-33ABFEE4458E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
}
],
"id": "CVE-2023-23764",
"lastModified": "2024-11-21T07:46:47.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 4.2,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-27T21:15:10.347",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-20 20:15
Modified
2024-09-27 18:17
Severity ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECADA51-1495-4D35-B7C0-6ADED7EDD26D",
"versionEndExcluding": "3.11.14",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C305C7E-C6A2-42F2-A910-203B74C71128",
"versionEndExcluding": "3.12.8",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A51D9A9-389E-469F-B17C-F5B7CCEEC498",
"versionEndExcluding": "3.13.3",
"versionStartIncluding": "3.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server, lo que permite a un atacante actualizar el t\u00edtulo, los asignatarios y las etiquetas de cualquier problema dentro de un repositorio p\u00fablico. Esto s\u00f3lo era explotable dentro de un repositorio p\u00fablico. Esta vulnerabilidad afect\u00f3 a las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.3, 3.12.8 y 3.11.14. Las versiones 3.10 de GitHub Enterprise Server no se ven afectadas. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-7711",
"lastModified": "2024-09-27T18:17:05.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-08-20T20:15:10.173",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:44
Severity ?
3.9 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
2.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
2.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Summary
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\n"
},
{
"lang": "es",
"value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permiti\u00f3 a un administrador existente mantener los permisos en los repositorios transferidos al realizar una mutaci\u00f3n GraphQL para alterar los permisos del repositorio durante la transferencia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-6690",
"lastModified": "2024-11-21T08:44:22.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.4,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:14.053",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-20 20:15
Modified
2024-09-30 19:14
Severity ?
Summary
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "827A09EB-C889-49E4-982D-01B416DEA6C3",
"versionEndExcluding": "3.10.16",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECADA51-1495-4D35-B7C0-6ADED7EDD26D",
"versionEndExcluding": "3.11.14",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C305C7E-C6A2-42F2-A910-203B74C71128",
"versionEndExcluding": "3.12.8",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A51D9A9-389E-469F-B17C-F5B7CCEEC498",
"versionEndExcluding": "3.13.3",
"versionStartIncluding": "3.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Hab\u00eda una vulnerabilidad de ajuste de firma XML en GitHub Enterprise Server (GHES) al utilizar la autenticaci\u00f3n SAML con proveedores de identidad espec\u00edficos. Esta vulnerabilidad permiti\u00f3 a un atacante con acceso directo a la red de GitHub Enterprise Server falsificar una respuesta SAML para aprovisionar y/u obtener acceso a un usuario con privilegios de administrador del sitio. La explotaci\u00f3n de esta vulnerabilidad permitir\u00eda el acceso no autorizado a la instancia sin requerir autenticaci\u00f3n previa. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.3, 3.12.8, 3.11.14 y 3.10.16. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-6800",
"lastModified": "2024-09-30T19:14:50.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-08-20T20:15:09.910",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-22 15:15
Modified
2024-11-21 07:46
Severity ?
4.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FCC8642-45E8-438F-8DBD-10E656F6452E",
"versionEndExcluding": "3.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31D9FC1E-D2E1-481A-8FB7-983443B5DB7D",
"versionEndExcluding": "3.7.15",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB3BAC9-225C-4A0F-A2E6-563169E4ECAC",
"versionEndExcluding": "3.8.8",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "275D1327-46DD-4A6F-B64B-F0622DAB7411",
"versionEndExcluding": "3.9.3",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB39318-06F7-4103-812A-C2D16CEDD441",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de comparaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda el contrabando de confirmaciones al mostrar una diferencia incorrecta en una Solicitud de Extracci\u00f3n reabierta. Para hacerlo, un atacante necesitar\u00eda acceso de escritura al repositorio. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.6.17, 3.7.15, 3.8.8, 3.9.3 y 3.10.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2023-23766",
"lastModified": "2024-11-21T07:46:47.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T15:15:10.557",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DABF955B-08EB-4F27-B075-87F2CCF9CCCE",
"versionEndExcluding": "2.22.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FD9D73-4FBD-4598-88AC-722036E9ACCE",
"versionEndExcluding": "3.0.11",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E5EEC6-5506-435A-9EEE-65231F738DC2",
"versionEndExcluding": "3.1.3",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de salto de ruta en GitHub Enterprise Server que podr\u00eda ser explotado cuando se construye un sitio de GitHub Pages. Las opciones de configuraci\u00f3n controladas por el usuario utilizadas por GitHub Pages no estaban suficientemente restringidas y hac\u00edan posible leer archivos en la instancia de GitHub Enterprise Server. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.1.3 y fue corregida en las versiones 3.1.3, 3.0.11 y 2.22.17. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22867",
"lastModified": "2024-11-21T05:50:47.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T21:15:08.017",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-12-16 19:07
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE",
"versionEndExcluding": "3.7.19",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda actualizar los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio, ya que tambi\u00e9n requer\u00eda permisos de contenido: problemas de lectura y escritura. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-51379",
"lastModified": "2024-12-16T19:07:10.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:13.480",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-19 14:15
Modified
2024-11-21 06:49
Severity ?
Summary
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23204C49-9FD0-48B8-A6F2-4327F9AD2934",
"versionEndExcluding": "3.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB425E9F-1083-4043-A06B-733CE4DB9F37",
"versionEndExcluding": "3.3.11",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F16C37D-DB03-4699-8285-81A1DCF9BD7E",
"versionEndExcluding": "3.4.6",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83C96B19-F1B0-4E03-A6C5-8BBAF7B4A00B",
"versionEndExcluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de deserializaci\u00f3n de datos no fiables en GitHub Enterprise Server que podr\u00eda conllevar la ejecuci\u00f3n de c\u00f3digo remota en el SVNBridge. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda conseguir acceso por medio de un ataque de tipo server-side request forgery (SSRF) que permitir\u00eda al atacante controlar los datos que est\u00e1n siendo de serializados. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a v3.6 y fue corregida en versiones 3.5.3, 3.4.6, 3.3.11 y 3.2.16. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2022-23734",
"lastModified": "2024-11-21T06:49:12.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-19T14:15:09.603",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:48
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en GitHub Enterprise Server que permiti\u00f3 a un atacante provocar un agotamiento ilimitado de los recursos enviando un gran payloads al servidor Git. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.1, 3.12.6, 3.11.12, 3.10.14 y 3.9.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-5795",
"lastModified": "2024-11-21T09:48:20.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-16T22:15:05.253",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 22:15
Modified
2024-11-21 05:50
Severity ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D306E32-D4C5-48C9-8408-2BD41D9F532D",
"versionEndExcluding": "2.21.17",
"versionStartIncluding": "2.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB27F5B-D998-4C70-9087-EA3F4574B84D",
"versionEndExcluding": "2.22.9",
"versionStartIncluding": "2.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B66596-7997-45C3-A56C-F1CEA2D1BAE8",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el servidor de GitHub Enterprise que podr\u00eda explotarse al crear un sitio de p\u00e1ginas de GitHub.\u0026#xa0;Las opciones de configuraci\u00f3n controladas por el usuario que usaban las p\u00e1ginas de GitHub no estaban lo suficientemente restringidas y permit\u00edan anular las variables de entorno lo que conllevar\u00eda a una ejecuci\u00f3n de c\u00f3digo en la instancia del servidor de GitHub Enterprise.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de p\u00e1ginas de GitHub en la instancia del servidor de GitHub Enterprise.\u0026#xa0;Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a 3.0.3 y se corrigi\u00f3 en versiones 3.0.3, 2.22.9 y 2.21.17.\u0026#xa0;Esta vulnerabilidad se report\u00f3 por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22864",
"lastModified": "2024-11-21T05:50:47.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T22:15:12.423",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-20 20:15
Modified
2024-09-27 17:48
Severity ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "827A09EB-C889-49E4-982D-01B416DEA6C3",
"versionEndExcluding": "3.10.16",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECADA51-1495-4D35-B7C0-6ADED7EDD26D",
"versionEndExcluding": "3.11.14",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C305C7E-C6A2-42F2-A910-203B74C71128",
"versionEndExcluding": "3.12.8",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A51D9A9-389E-469F-B17C-F5B7CCEEC498",
"versionEndExcluding": "3.13.3",
"versionStartIncluding": "3.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda una aplicaci\u00f3n GitHub con solo contenido: lectura y pull_request_write: permisos de escritura para leer el contenido del problema dentro de un repositorio privado. Esto solo se pod\u00eda explotar mediante el token de acceso del usuario y el token de acceso a la instalaci\u00f3n no se vio afectado. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.3, 3.12.8, 3.11.14 y 3.10.16. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-6337",
"lastModified": "2024-09-27T17:48:00.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-08-20T20:15:09.033",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 19:15
Modified
2024-11-21 06:49
Severity ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE758FE9-09D3-4EB9-AC38-D867282F15BD",
"versionEndExcluding": "3.3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3D1E90-878E-40C4-BF81-4875470E8E55",
"versionEndExcluding": "3.4.12",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84048F59-1F7B-40CF-8B8F-B74FE2F10A96",
"versionEndExcluding": "3.5.9",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73AE682C-600E-41D5-947D-4F69EEC202C8",
"versionEndExcluding": "3.6.5",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permiti\u00f3 que un token de usuario a servidor con alcance escalara a privilegios completos de administrador/propietario. Un atacante requerir\u00eda una cuenta con acceso de administrador para instalar una aplicaci\u00f3n GitHub maliciosa. Esta vulnerabilidad se solucion\u00f3 en las versiones 3.3.17, 3.4.12, 3.5.9 y 3.6.5. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-23741",
"lastModified": "2024-11-21T06:49:13.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T19:15:10.143",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDDEFEB-DB47-4B0A-AB1A-ADB9BC67D973",
"versionEndExcluding": "2.22.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04947602-2CE8-4F71-B8F8-698321B08CAD",
"versionEndExcluding": "3.0.16",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F01144-515A-4FFA-B7E2-1B6609D44425",
"versionEndExcluding": "3.1.8",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867."
},
{
"lang": "es",
"value": "Se Identific\u00f3 una vulnerabilidad de salto de ruta en GitHub Enterprise Server que podr\u00eda explotarse cuando se creaba un sitio de GitHub Pages. Las opciones de configuraci\u00f3n controladas por el usuario usadas por GitHub Pages no estaban suficientemente restringidas y permit\u00edan leer archivos en la instancia de GitHub Enterprise Server. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.1.8 y fue corregida en las versiones 3.1.8, 3.0.16 y 2.22.22. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty. Esto es el resultado de una correcci\u00f3n incompleta de CVE-2021-22867."
}
],
"id": "CVE-2021-22868",
"lastModified": "2024-11-21T05:50:47.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T18:15:07.347",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:28
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "293B7C5B-C544-4426-A68E-F3FFB293CFBA",
"versionEndExcluding": "3.9.6",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "226320D4-C315-4868-A1DB-1E5E53B7798F",
"versionEndExcluding": "3.10.3",
"versionStartIncluding": "3.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0."
},
{
"lang": "es",
"value": "La administraci\u00f3n inadecuada de privilegios en todas las versiones de GitHub Enterprise Server permite a los usuarios con acceso autorizado a la consola de administraci\u00f3n con un rol de editor escalar sus privilegios al realizar solicitudes al endpoint utilizado para iniciar la instancia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.6, 3.10.3 y 3.11.0."
}
],
"id": "CVE-2023-46647",
"lastModified": "2024-11-21T08:28:58.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:08.930",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:28
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE",
"versionEndExcluding": "3.7.19",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de path traversal en GitHub Enterprise Server que permit\u00eda la lectura arbitraria de archivos al crear un sitio de GitHub Pages. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.7.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2023-46645",
"lastModified": "2024-11-21T08:28:57.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:08.347",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:49
Severity ?
Summary
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Una exposici\u00f3n a una vulnerabilidad de informaci\u00f3n confidencial en GitHub Enterprise Server permitir\u00eda a un atacante enumerar los nombres de repositorios privados que utilizan claves de implementaci\u00f3n. Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio adem\u00e1s del nombre. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.1, 3.12.6, 3.11.12, 3.10.14 y 3.9.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-6395",
"lastModified": "2024-11-21T09:49:34.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:C/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-07-16T22:15:06.573",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:49
Severity ?
Summary
A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Una vulnerabilidad de configuraci\u00f3n incorrecta de seguridad en GitHub Enterprise Server permiti\u00f3 la divulgaci\u00f3n de informaci\u00f3n confidencial a usuarios no autorizados en GitHub Enterprise Server mediante la explotaci\u00f3n de la funci\u00f3n de conjunto de reglas de la organizaci\u00f3n. Este ataque requiri\u00f3 que un miembro de la organizaci\u00f3n cambiara expl\u00edcitamente la visibilidad de un repositorio dependiente de privado a p\u00fablico. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.1, 3.12.6, 3.11.12, 3.10.14 y 3.9.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-6336",
"lastModified": "2024-11-21T09:49:27.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:X/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-07-16T22:15:05.983",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
},
{
"lang": "es",
"value": "La gesti\u00f3n inadecuada de privilegios permiti\u00f3 que se confirmaran y ejecutaran workflows arbitrarios utilizando una PAT con un alcance inadecuado. Para aprovechar esto, ya debe haber existido un flujo de trabajo en el repositorio de destino. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-6804",
"lastModified": "2024-11-21T08:44:35.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.5,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:15.020",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-14 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D74B8B1-2368-4287-A3FA-1F1795D96CA6",
"versionEndExcluding": "2.22.13",
"versionStartIncluding": "2.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5380547D-A963-4E9D-8D0D-A2FCD42C89F2",
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de tergiversaci\u00f3n de la Interfaz de Usuario en el servidor de GitHub Enterprise que permit\u00eda que m\u00e1s permisos sean otorgados durante el flujo web de autorizaci\u00f3n de usuario de una aplicaci\u00f3n de GitHub de los que se mostraban al usuario durante la aprobaci\u00f3n.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda crear una aplicaci\u00f3n GitHub en una instancia y tener a un usuario autorizado la aplicaci\u00f3n por medio del flujo de autenticaci\u00f3n web.\u0026#xa0;Todos los permisos otorgados se mostrar\u00edan apropiadamente durante la primera autorizaci\u00f3n, pero en determinadas circunstancias, si el usuario vuelve a visitar el flujo de autorizaci\u00f3n despu\u00e9s de que la aplicaci\u00f3n GitHub haya configurado permisos adicionales a nivel de usuario, es posible que esos permisos adicionales no sean mostrados, conllevando a que sean mostrados m\u00e1s permisos. concedido de lo que el usuario potencialmente pretend\u00eda.\u0026#xa0;Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versiones 3.0.x anteriores a 3.0.7 y versiones 2.22.xanteriores a 2.22.13.\u0026#xa0;Fue corregido en versiones 3.0.7 y 2.22.13.\u0026#xa0;Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22866",
"lastModified": "2024-11-21T05:50:47.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-14T21:15:07.407",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-12-16 19:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE",
"versionEndExcluding": "3.7.19",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the \"Get a check run\" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name.\u00a0This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en todas las versiones de GitHub Enterprise Server permite a usuarios no autorizados ver nombres de repositorios privados a trav\u00e9s del endpoint API \"Get a check run\". Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio adem\u00e1s del nombre. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.7.0 y superiores y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7 3.10.4 y 3.11.0."
}
],
"id": "CVE-2023-46646",
"lastModified": "2024-12-16T19:07:42.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:08.620",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-07 19:15
Modified
2024-11-21 07:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D30FF55B-C5FA-431A-8E0C-7FCB872AD8DC",
"versionEndExcluding": "3.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A66A3A-E2CB-4B7B-BB28-FD81D8A81F9C",
"versionEndExcluding": "3.5.15",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C79CD6-3EA8-470D-8E35-EF53450F063B",
"versionEndExcluding": "3.6.11",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75E3B814-6517-4938-917D-7098FF49E301",
"versionEndExcluding": "3.7.8",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "952A51A6-A24C-4989-9941-FE62E21C505D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it\u2019s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"id": "CVE-2023-23762",
"lastModified": "2024-11-21T07:46:47.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-07T19:15:07.057",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:44
Severity ?
5.8 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
Summary
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
},
{
"lang": "es",
"value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permite agregar un colaborador externo mientras se transfiere un repositorio. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-6803",
"lastModified": "2024-11-21T08:44:35.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.5,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:14.800",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-05 00:15
Modified
2024-11-21 06:49
Severity ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96DE165-BA53-4DF3-80D9-593D2B818122",
"versionEndExcluding": "3.1.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F74A783-AEF6-4098-8935-B6ACFA1FC2FF",
"versionEndExcluding": "3.2.11",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2CB1E7-2F10-4344-B2D4-EE4427819EE7",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD467CB-19FD-42E6-8F03-81718132F7E3",
"versionEndExcluding": "3.4.1",
"versionStartIncluding": "3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de salto de ruta en la consola de administraci\u00f3n de GitHub Enterprise Server que permit\u00eda omitir las protecciones de tipo CSRF. Esto podr\u00eda conllevar una escalada de privilegios. Para explotar esta vulnerabilidad, un atacante tendr\u00eda que dirigirse a un usuario que estuviera conectado activamente a la consola de administraci\u00f3n. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.5 y fue corregida en las versiones 3.1.19, 3.2.11, 3.3.6 y 3.4.1. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2022-23732",
"lastModified": "2024-11-21T06:49:12.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-05T00:15:17.767",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-01 21:15
Modified
2024-11-21 06:49
Severity ?
Summary
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F285BC4-24DC-4C68-A057-1DD6B2394747",
"versionEndExcluding": "3.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D78CBA9-4429-40D3-A99B-34B7F01E5836",
"versionEndExcluding": "3.3.15",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36AECB64-2CAA-451A-B1D0-F54C197421BC",
"versionEndExcluding": "3.4.10",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2856DB-ACBC-4CC5-AF46-AEDAEC9EAEF6",
"versionEndExcluding": "3.5.7",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FAA99E-F14D-4904-8BE0-DE7D22D54D5D",
"versionEndExcluding": "3.6.3",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization\u0027s repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en GitHub Enterprise Server que permit\u00eda a los usuarios con privilegios inadecuados crear o eliminar p\u00e1ginas a trav\u00e9s de la API. Para aprovechar esta vulnerabilidad, ser\u00eda necesario agregar un atacante al repositorio de una organizaci\u00f3n con permisos de escritura. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.7 y se solucion\u00f3 en las versiones 3.2.20, 3.3.15, 3.4.10, 3.5.7 y 3.6.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-23737",
"lastModified": "2024-11-21T06:49:12.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-01T21:15:19.467",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-18 00:15
Modified
2024-11-21 06:26
Severity ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23C96DB9-581A-4879-995C-36578EEF464D",
"versionEndExcluding": "3.0.21",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74D8256B-A225-4AE9-A452-026B02A6395F",
"versionEndExcluding": "3.1.13",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD1AB3-9525-4158-AB45-D333E88971EC",
"versionEndExcluding": "3.2.5",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en GitHub Enterprise Server que pod\u00eda explotarse cuando era creado un sitio de GitHub Pages. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.3 y fue corregida en versiones 3.0.21, 3.1.13 y 3.2.5. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-41599",
"lastModified": "2024-11-21T06:26:30.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T00:15:07.397",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 18:15
Modified
2024-11-21 07:30
Severity ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE758FE9-09D3-4EB9-AC38-D867282F15BD",
"versionEndExcluding": "3.3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3D1E90-878E-40C4-BF81-4875470E8E55",
"versionEndExcluding": "3.4.12",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84048F59-1F7B-40CF-8B8F-B74FE2F10A96",
"versionEndExcluding": "3.5.9",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73AE682C-600E-41D5-947D-4F69EEC202C8",
"versionEndExcluding": "3.6.5",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE640FA-93F1-4A2A-90E5-EE023BB381B5",
"versionEndExcluding": "3.7.2",
"versionStartIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de path traversal en GitHub Enterprise Server que permit\u00eda la ejecuci\u00f3n remota de c\u00f3digo al crear un sitio de GitHub Pages. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de p\u00e1ginas de GitHub en la instancia. Esta vulnerabilidad se solucion\u00f3 en las versiones 3.3.17, 3.4.12, 3.5.9, 3.6.5 y 3.7.2. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-46256",
"lastModified": "2024-11-21T07:30:17.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T18:15:23.553",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-30 23:15
Modified
2024-11-21 07:46
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10385908-47E5-406D-B382-01EE299772C3",
"versionEndExcluding": "3.6.16",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5304976-43C5-4893-B73F-5A86BAF9FF52",
"versionEndExcluding": "3.7.13",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC3C00D-829D-4027-B86B-D11E2DB22FD8",
"versionEndExcluding": "3.8.6",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC0199E-78C5-4423-97D8-33ABFEE4458E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de comparaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda el contrabando de commits mostrando un diff incorrecto en un Pull Request reabierto. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda acceso de escritura al repositorio. Esta vulnerabilidad se notific\u00f3 a trav\u00e9s del programa de recompensas por fallos de GitHub: https://bounty.github.com/. "
}
],
"id": "CVE-2023-23765",
"lastModified": "2024-11-21T07:46:47.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 4.2,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-30T23:15:08.447",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-02 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83563454-A07F-4BB4-8372-C950C437CCA7",
"versionEndExcluding": "2.21.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD3874-DF16-4708-B490-B9837E8C1E84",
"versionEndExcluding": "2.22.10",
"versionStartIncluding": "2.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A99BF524-7BF7-4DD9-845D-EF117D94D71F",
"versionEndExcluding": "3.0.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App\u0027s web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de control de acceso inapropiado en GitHub Enterprise Server que permit\u00eda que los tokens de acceso generados a partir del flujo de autenticaci\u00f3n web de una aplicaci\u00f3n GitHub leyeran metadatos del repositorio privado por medio de la API REST sin haber recibido los permisos apropiados.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda crear una aplicaci\u00f3n GitHub en la instancia y hacer que un usuario autorizara la aplicaci\u00f3n mediante el flujo de autenticaci\u00f3n web.\u0026#xa0;Los metadatos del repositorio privado devueltos se limitar\u00edan a los repositorios propiedad del usuario que identifica el token.\u0026#xa0;Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.0.4 y fue corregido en versiones 3.0.4, 2.22.10, 2.21.18.\u0026#xa0;Esta vulnerabilidad se report\u00f3 por medio del programa GitHub Bug Bounty."
}
],
"id": "CVE-2021-22865",
"lastModified": "2024-11-21T05:50:47.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-02T18:15:21.997",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-08 19:15
Modified
2024-11-21 07:46
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37DA2D24-3C3C-445D-8463-4AD5C0D12D53",
"versionEndExcluding": "3.4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE4BA6A-247B-40C4-B5F4-42611852C30A",
"versionEndExcluding": "3.5.14",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC14B50-F2DE-4307-993C-A5CF4537BD1A",
"versionEndExcluding": "3.6.10",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C533A3C5-21AE-46E4-A973-E9EDB3D9637E",
"versionEndExcluding": "3.7.7",
"versionStartIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\n\n\n"
}
],
"id": "CVE-2023-23760",
"lastModified": "2024-11-21T07:46:46.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-08T19:15:10.933",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.10"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-23 21:15
Modified
2024-09-30 15:57
Severity ?
Summary
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B7FEDD-264A-4B57-B722-58E8D3F30EA4",
"versionEndExcluding": "3.10.17",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21688373-04C3-4091-A8A9-0158C1744548",
"versionEndExcluding": "3.11.15",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "597AB8F0-5B47-477F-B27D-A461CD6CFAFA",
"versionEndExcluding": "3.12.9",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "163BA2E3-5619-4684-B7C2-0F7103BC849C",
"versionEndExcluding": "3.13.4",
"versionStartIncluding": "3.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CD20D1-EF3F-422F-81DB-DB53859FF556",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Una vulnerabilidad de administraci\u00f3n de privilegios incorrecta permiti\u00f3 que se enviaran flujos de trabajo arbitrarios utilizando un PAT con un alcance incorrecto mediante el uso de etiquetas anidadas. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.10.17, 3.11.15, 3.12.9, 3.13.4 y 3.14.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-8263",
"lastModified": "2024-09-30T15:57:26.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-09-23T21:15:12.957",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-16 21:15
Modified
2024-11-21 07:44
Severity ?
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F570C1BE-2212-4E66-81CE-38FFC943F37C",
"versionEndExcluding": "3.7.6",
"versionStartIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"id": "CVE-2023-22380",
"lastModified": "2024-11-21T07:44:40.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-16T21:15:14.237",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:28
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de entrop\u00eda insuficiente en GitHub Enterprise Server (GHES) que permiti\u00f3 a un atacante forzar por fuerza bruta una invitaci\u00f3n de usuario a la GHES Management Console. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda saber que hay una invitaci\u00f3n de usuario pendiente. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2023-46648",
"lastModified": "2024-11-21T08:28:58.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:09.257",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:48
Severity ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda que una aplicaci\u00f3n GitHub suspendida retuviera el acceso al repositorio a trav\u00e9s de un token de acceso de usuario con alcance. Esto solo era explotable en repositorios p\u00fablicos, mientras que los repositorios privados no se vieron afectados. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-5816",
"lastModified": "2024-11-21T09:48:23.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-07-16T22:15:05.657",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:44
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified\u00a0that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro del registro de auditor\u00eda en GitHub Enterprise Server que podr\u00eda permitir que un atacante obtenga acceso a la consola de administraci\u00f3n. Para explotar esto, un atacante necesitar\u00eda acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.8 y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-6802",
"lastModified": "2024-11-21T08:44:35.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:14.570",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:47
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17."
},
{
"lang": "es",
"value": "Una vulnerabilidad de gesti\u00f3n de privilegios inadecuada permiti\u00f3 a los usuarios migrar repositorios privados sin tener definidos los alcances adecuados en el token de acceso personal relacionado. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.1, 3.12.6, 3.11.12, 3.10.14 y 3.9.17."
}
],
"id": "CVE-2024-5566",
"lastModified": "2024-11-21T09:47:56.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-16T22:15:04.887",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-07 17:15
Modified
2024-11-21 07:30
Severity ?
Summary
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "706EEA13-73A9-4AA6-8148-C48A68C4CC49",
"versionEndExcluding": "3.3.17",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3D1E90-878E-40C4-BF81-4875470E8E55",
"versionEndExcluding": "3.4.12",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84048F59-1F7B-40CF-8B8F-B74FE2F10A96",
"versionEndExcluding": "3.5.9",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73AE682C-600E-41D5-947D-4F69EEC202C8",
"versionEndExcluding": "3.6.5",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"id": "CVE-2022-46257",
"lastModified": "2024-11-21T07:30:17.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-07T17:15:12.447",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:28
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE",
"versionEndExcluding": "3.7.19",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server que podr\u00eda permitir el acceso de administrador a un atacante. Para aprovechar esto, una organizaci\u00f3n debe ser convertida desde un usuario. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.7.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-46649",
"lastModified": "2024-11-21T08:28:58.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:09.573",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd\u00a0configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo al configurar el nombre de usuario y la contrase\u00f1a para las configuraciones recopiladas. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"id": "CVE-2024-1369",
"lastModified": "2024-11-21T08:50:25.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:10.023",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 20:15
Modified
2025-01-23 19:53
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87AFBB5E-CCD3-4C54-8813-8D4ABF12C3E7",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permiti\u00f3 a un atacante crear nuevas sucursales en repositorios p\u00fablicos y ejecutar flujos de trabajo arbitrarios de GitHub Actions con permisos de GITHUB_TOKEN. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda acceso al servidor empresarial. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server posteriores a la 3.8 y anteriores a la 3.12, y se solucion\u00f3 en las versiones 3.9.10, 3.10.7, 3.11.5. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-1482",
"lastModified": "2025-01-23T19:53:54.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T20:15:45.690",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:48
Severity ?
Summary
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker\u0027s fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\n\n\n This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Request Forgery en GitHub Enterprise Server permiti\u00f3 operaciones de escritura en un repositorio propiedad de la v\u00edctima explotando tipos de solicitudes incorrectos. Un factor atenuante es que el atacante tendr\u00eda que ser un usuario confiable de GitHub Enterprise Server y la v\u00edctima tendr\u00eda que visitar una etiqueta en la bifurcaci\u00f3n del atacante en su propio repositorio. La vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.1, 3.12.6, 3.11.12, 3.10.14 y 3.9.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-5815",
"lastModified": "2024-11-21T09:48:23.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-07-16T22:15:05.490",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:49
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an\u00a0attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de path traversal en GitHub Enterprise Server que permiti\u00f3 a un atacante obtener permiso de lectura no autorizado de archivos mediante la implementaci\u00f3n de enlaces simb\u00f3licos arbitrarios a un sitio de GitHub Pages con un archivo tar de artefacto especialmente manipulado. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de p\u00e1ginas de GitHub en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.8.15, 3.9.10, 3.10.7, 3.11.5. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-1082",
"lastModified": "2024-11-21T08:49:45.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:08.793",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-01 18:15
Modified
2024-11-21 06:49
Severity ?
Summary
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5B9A47-6697-4323-8C71-63CC46EEDCD4",
"versionEndExcluding": "3.2.20",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D78CBA9-4429-40D3-A99B-34B7F01E5836",
"versionEndExcluding": "3.3.15",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36AECB64-2CAA-451A-B1D0-F54C197421BC",
"versionEndExcluding": "3.4.10",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2856DB-ACBC-4CC5-AF46-AEDAEC9EAEF6",
"versionEndExcluding": "3.5.7",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FAA99E-F14D-4904-8BE0-DE7D22D54D5D",
"versionEndExcluding": "3.6.3",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de clave de cach\u00e9 inadecuada en GitHub Enterprise Server que permiti\u00f3 a un actor no autorizado acceder a archivos del repositorio privado a trav\u00e9s de un repositorio p\u00fablico. Para aprovechar esto, un actor necesitar\u00eda estar autorizado en la instancia de GitHub Enterprise Server, poder crear un repositorio p\u00fablico y hacer que un administrador del sitio visite una URL especialmente manipulada. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.6 y se solucion\u00f3 en las versiones 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-23738",
"lastModified": "2024-11-21T06:49:12.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-01T18:15:10.897",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-11-21 08:44
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autenticaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda omitir el Private Mode mediante el uso de una solicitud API especialmente manipulada. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda acceso de red al dispositivo Enterprise Server configurado en Private Mode. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.9 y se solucion\u00f3 en las versiones 3.9.7, 3.10.4 y 3.11.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2023-6847",
"lastModified": "2024-11-21T08:44:40.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:15.340",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-10 02:15
Modified
2024-11-21 05:50
Severity ?
Summary
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAC1986-65CE-4029-BD72-F24BD08E012E",
"versionEndExcluding": "3.0.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3F86C8-98AC-4CF5-A37D-94DCB0AA561F",
"versionEndExcluding": "3.1.11",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "908E5FE0-0E89-4A66-95A0-484EFF4AD850",
"versionEndExcluding": "3.2.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de salto de ruta en las construcciones de GitHub Pages en GitHub Enterprise Server que podr\u00eda permitir a un atacante leer archivos del sistema. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.3, y fue corregida en las versiones 3.0.19, 3.1.11 y 3.2.3. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22870",
"lastModified": "2024-11-21T05:50:48.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-10T02:15:06.983",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-07 19:15
Modified
2024-11-21 07:46
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D30FF55B-C5FA-431A-8E0C-7FCB872AD8DC",
"versionEndExcluding": "3.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A66A3A-E2CB-4B7B-BB28-FD81D8A81F9C",
"versionEndExcluding": "3.5.15",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C79CD6-3EA8-470D-8E35-EF53450F063B",
"versionEndExcluding": "3.6.11",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75E3B814-6517-4938-917D-7098FF49E301",
"versionEndExcluding": "3.7.8",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "952A51A6-A24C-4989-9941-FE62E21C505D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users\u0027 secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist\u0027s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"id": "CVE-2023-23761",
"lastModified": "2024-11-21T07:46:46.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-07T19:15:06.980",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-12-16 19:07
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE",
"versionEndExcluding": "3.7.19",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda leer los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-51380",
"lastModified": "2024-12-16T19:07:20.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:13.757",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-01 15:15
Modified
2024-11-21 07:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B03C9B63-C322-4C77-B1D9-637A9C45AE65",
"versionEndExcluding": "3.6.18",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12B15ADD-B347-4EBC-8AA8-945083E5BB85",
"versionEndExcluding": "3.7.16",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56FDAC1D-5BF6-4067-AEB1-5EA35FA7871A",
"versionEndExcluding": "3.8.9",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9AA495-49D5-4331-B57B-60FF995C0B09",
"versionEndExcluding": "3.9.4",
"versionStartIncluding": "3.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de autorizaci\u00f3n/divulgaci\u00f3n de informaci\u00f3n sensible en GitHub Enterprise Server que permit\u00eda a un fork conservar el acceso de lectura a un repositorio upstream despu\u00e9s de cambiar su visibilidad a privada. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a la 3.10.0 y se solucion\u00f3 en las versiones 3.9.4, 3.8.9, 3.7.16 y 3.6.18. Esta vulnerabilidad fue reportada a trav\u00e9s del programa GitHub Bug Bounty. "
}
],
"id": "CVE-2023-23763",
"lastModified": "2024-11-21T07:46:47.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-01T15:15:07.620",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-16 22:15
Modified
2024-11-21 09:48
Severity ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF7098F-C0C3-474E-8E01-E3252A3A4DB4",
"versionEndExcluding": "3.9.17",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "976E8532-E4BE-4779-9E09-05FCD57F5EB0",
"versionEndExcluding": "3.10.14",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A638319-C7A1-42F0-808E-84DF23F37734",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB39F351-9738-4228-B4C9-0A0E6A4CE97D",
"versionEndExcluding": "3.12.6",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9D3E81-23E5-4BD9-BC0F-D87CF0ED21FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda acceso de lectura al contenido del problema a trav\u00e9s de Proyectos de GitHub. Esto s\u00f3lo era explotable en repositorios internos y requer\u00eda que el atacante tuviera acceso al tablero de proyecto correspondiente. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se solucion\u00f3 en las versiones 3.13.1, 3.12.6, 3.11.12, 3.10.14 y 3.9.17. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-5817",
"lastModified": "2024-11-21T09:48:23.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-07-16T22:15:05.840",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-02 21:15
Modified
2024-11-21 07:44
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C81994-84EA-4B29-A7F5-8AFEECBEA9A6",
"versionEndExcluding": "3.4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D976E9E1-1CEF-40DB-AAFF-793D8AEE1FEC",
"versionEndExcluding": "3.5.12",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B704CE69-3F7F-430A-BC02-89BD1C1CF132",
"versionEndExcluding": "3.6.8",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B55AC18-CDFC-4CD5-9610-A0FB2C2729CD",
"versionEndExcluding": "3.7.5",
"versionStartIncluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\n\n\n"
}
],
"id": "CVE-2023-22381",
"lastModified": "2024-11-21T07:44:40.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-02T21:15:10.403",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.8"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo al configurar un proxy HTTP. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"id": "CVE-2024-1359",
"lastModified": "2024-11-21T08:50:24.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:09.837",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-09 17:15
Modified
2024-11-21 07:30
Severity ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F2D1DF-18B6-41C7-9419-344903BB3329",
"versionEndExcluding": "3.3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD576A-8127-4831-B3C9-9E1458E073E8",
"versionEndExcluding": "3.4.11",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE47FDA8-4EA9-4C83-992B-A4364FB6B5D6",
"versionEndExcluding": "3.5.8",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F99D0124-5B44-46B1-9E7B-684D94301E08",
"versionEndExcluding": "3.6.4",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda que un token con alcance de repositorio con acceso de lectura/escritura modificara archivos de flujo de trabajo de acci\u00f3n sin un alcance de flujo de trabajo. La API Crear o actualizar el contenido del archivo debe aplicar el alcance del flujo de trabajo. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la versi\u00f3n 3.7 y se solucion\u00f3 en las versiones 3.3.16, 3.4.11, 3.5.8 y 3.6.4. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-46258",
"lastModified": "2024-11-21T07:30:17.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-09T17:15:10.977",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 18:15
Modified
2024-11-21 07:30
Severity ?
Summary
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | 3.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0AA188-F17E-4FED-98E9-10CAC3E9797E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido en GitHub Enterprise Server que permit\u00eda la ejecuci\u00f3n remota de c\u00f3digo. Se agreg\u00f3 una verificaci\u00f3n dentro de Pages para garantizar que el directorio de trabajo est\u00e9 limpio antes de descomprimir contenido nuevo para evitar un error de sobrescritura arbitraria de archivos. Esta vulnerabilidad afect\u00f3 solo a la versi\u00f3n 3.7.0 de GitHub Enterprise Server y se solucion\u00f3 en la versi\u00f3n 3.7.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-46255",
"lastModified": "2024-11-21T07:30:17.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T18:15:23.193",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo a trav\u00e9s de plantillas n\u00f3madas al configurar el reenv\u00edo de registros de auditor\u00eda. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"id": "CVE-2024-1374",
"lastModified": "2024-11-21T08:50:26.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:10.497",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng`\u00a0configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo a trav\u00e9s del archivo de configuraci\u00f3n `syslog-ng`. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-1354",
"lastModified": "2024-11-21T08:50:23.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:09.450",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-21 21:15
Modified
2024-12-16 19:07
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE",
"versionEndExcluding": "3.7.19",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2",
"versionEndExcluding": "3.8.12",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083",
"versionEndExcluding": "3.10.4",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\u00a0"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en los archivos de registro de un servicio back-end de GitHub Enterprise Server que podr\u00eda permitir un ataque de \"adversary in the middle\" cuando se combina con otras t\u00e9cnicas de phishing. Para explotar esto, un atacante necesitar\u00eda acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."
}
],
"id": "CVE-2023-6746",
"lastModified": "2024-12-16T19:07:48.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 5.8,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-21T21:15:14.303",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-25 20:15
Modified
2024-11-21 06:26
Severity ?
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B3EF54-1A87-43DE-8AF5-E35186AD4A45",
"versionEndExcluding": "3.0.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74D8256B-A225-4AE9-A452-026B02A6395F",
"versionEndExcluding": "3.1.13",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53DD1AB3-9525-4158-AB45-D333E88971EC",
"versionEndExcluding": "3.2.5",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de tergiversaci\u00f3n de la interfaz de usuario en GitHub Enterprise Server que permit\u00eda conceder m\u00e1s permisos durante el flujo web de autorizaci\u00f3n de usuarios de una GitHub App de los que eran mostrados al usuario durante la aprobaci\u00f3n. Para explotar esta vulnerabilidad, un atacante tendr\u00eda que crear una GitHub App en la instancia y hacer que un usuario autorice la aplicaci\u00f3n mediante el flujo de autenticaci\u00f3n web. Todos los permisos concedidos ser\u00edan mostrados correctamente durante la primera autorizaci\u00f3n, pero si el usuario actualizaba posteriormente el conjunto de repositorios en los que estaba instalada la aplicaci\u00f3n despu\u00e9s de que la aplicaci\u00f3n de GitHub hubiera configurado permisos adicionales a nivel de usuario, esos permisos adicionales no ser\u00edan mostrados, conllevando a una concesi\u00f3n de m\u00e1s permisos de los que el usuario podr\u00eda haber previsto. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a la 3.3 y fue corregido en las versiones 3.2.5, 3.1.13 y 3.0.21. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-41598",
"lastModified": "2024-11-21T06:26:30.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-25T20:15:08.453",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-451"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-10 22:15
Modified
2024-11-15 16:57
Severity ?
Summary
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E624875C-FCF2-4538-8F3E-D64183154275",
"versionEndExcluding": "3.11.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F70645DE-4DC2-40CB-B425-4E002B302FDB",
"versionEndExcluding": "3.12.10",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B08CBD2C-6DA7-4C0F-9812-42933F51C003",
"versionEndExcluding": "3.13.5",
"versionStartIncluding": "3.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E74193-93FE-45FE-8C74-34EC30EEB03C",
"versionEndExcluding": "3.14.2",
"versionStartIncluding": "3.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica en GitHub Enterprise Server que permit\u00eda eludir la autenticaci\u00f3n SSO SAML, lo que daba como resultado el aprovisionamiento no autorizado de usuarios y el acceso a la instancia. Para explotarla, era necesario habilitar la funci\u00f3n de aserciones cifradas y el atacante necesitaba acceso directo a la red, as\u00ed como una respuesta SAML firmada o un documento de metadatos. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.15 y se solucion\u00f3 en las versiones 3.11.16, 3.12.10, 3.13.5 y 3.14.2. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub."
}
],
"id": "CVE-2024-9487",
"lastModified": "2024-11-15T16:57:10.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-10-10T22:15:11.357",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 18:15
Modified
2024-11-21 06:49
Severity ?
Summary
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | 3.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0AA188-F17E-4FED-98E9-10CAC3E9797E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "CR\u00cdTICO: Se identific\u00f3 una neutralizaci\u00f3n incorrecta de los delimitadores de argumentos en una vulnerabilidad de comando en GitHub Enterprise Server que permit\u00eda la ejecuci\u00f3n remota de c\u00f3digo. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y compilar p\u00e1ginas de GitHub utilizando GitHub Actions. Esta vulnerabilidad afect\u00f3 solo a la versi\u00f3n 3.7.0 de GitHub Enterprise Server y se solucion\u00f3 en la versi\u00f3n 3.7.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-23740",
"lastModified": "2024-11-21T06:49:12.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-23T18:15:11.130",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-02 16:15
Modified
2024-11-21 06:49
Severity ?
Summary
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB425E9F-1083-4043-A06B-733CE4DB9F37",
"versionEndExcluding": "3.3.11",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F16C37D-DB03-4699-8285-81A1DCF9BD7E",
"versionEndExcluding": "3.4.6",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83C96B19-F1B0-4E03-A6C5-8BBAF7B4A00B",
"versionEndExcluding": "3.5.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github\u0027s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de tipo XSS almacenado en GitHub Enterprise Server que permit\u00eda la inyecci\u00f3n de atributos arbitrarios. Esta inyecci\u00f3n fue bloqueada por la Pol\u00edtica de Seguridad de Contenidos (CSP) de Github. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.6 y fue corregida en versiones 3.3.11, 3.4.6 y 3.5.3. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2022-23733",
"lastModified": "2024-11-21T06:49:12.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-02T16:15:10.017",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-23 21:15
Modified
2024-09-27 13:49
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B7FEDD-264A-4B57-B722-58E8D3F30EA4",
"versionEndExcluding": "3.10.17",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21688373-04C3-4091-A8A9-0158C1744548",
"versionEndExcluding": "3.11.15",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "597AB8F0-5B47-477F-B27D-A461CD6CFAFA",
"versionEndExcluding": "3.12.9",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "163BA2E3-5619-4684-B7C2-0F7103BC849C",
"versionEndExcluding": "3.13.4",
"versionStartIncluding": "3.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CD20D1-EF3F-422F-81DB-DB53859FF556",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.\u00a0This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad Cross-Site Scripting (XSS) en la funci\u00f3n de transferencia de repositorios de GitHub Enterprise Server, que permite a los atacantes robar informaci\u00f3n confidencial de los usuarios mediante ingenier\u00eda social. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.10.17, 3.11.15, 3.12.9, 3.13.4 y 3.14.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-8770",
"lastModified": "2024-09-27T13:49:29.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-09-23T21:15:13.123",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-24 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04947602-2CE8-4F71-B8F8-698321B08CAD",
"versionEndExcluding": "3.0.16",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F01144-515A-4FFA-B7E2-1B6609D44425",
"versionEndExcluding": "3.1.8",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inapropiada en GitHub Enterprise Server permiti\u00f3 que un trabajo de workflow se ejecutara en un grupo de ejecuci\u00f3n auto alojado al que no deber\u00eda haber tenido acceso. Esto afecta a clientes que usan grupos de ejecutores auto hosteado para el control de acceso. Un repositorio con acceso a un grupo de ejecutores de empresa pod\u00eda acceder a todos los grupos de ejecutores de empresa de la organizaci\u00f3n debido a unas comprobaciones de autenticaci\u00f3n inapropiadas durante la petici\u00f3n. Esto podr\u00eda causar una ejecuci\u00f3n involuntaria de c\u00f3digo por parte del grupo de ejecutores incorrecto. Esta vulnerabilidad afectaba a las versiones de GitHub Enterprise Server desde la 3.0.0 a 3.0.15 y desde la 3.1.0 a 3.1.7 y se corrigi\u00f3 en las versiones 3.0.16 y 3.1.8."
}
],
"id": "CVE-2021-22869",
"lastModified": "2024-11-21T05:50:48.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-24T18:15:07.577",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-16 19:15
Modified
2024-11-21 08:46
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "253739D1-3AED-408C-97C9-279159F8AE96",
"versionEndExcluding": "3.8.13",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F",
"versionEndExcluding": "3.9.8",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E",
"versionEndExcluding": "3.10.5",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915",
"versionEndExcluding": "3.11.3",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability\u00a0could lead to the execution of user-controlled methods and remote code execution. To\u00a0exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de reflexi\u00f3n insegura en GitHub Enterprise Server que podr\u00eda provocar una inyecci\u00f3n de reflexi\u00f3n. Esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n de m\u00e9todos controlados por el usuario y a la ejecuci\u00f3n remota de c\u00f3digo. Para aprovechar este error, un actor deber\u00eda iniciar sesi\u00f3n en una cuenta en la instancia de GHES con el rol de propietario de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.8.13, 3.9.8, 3.10.5 y 3.11.3. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-0200",
"lastModified": "2024-11-21T08:46:03.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.3,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T19:15:08.667",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-11 18:15
Modified
2024-11-15 17:15
Severity ?
Summary
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E624875C-FCF2-4538-8F3E-D64183154275",
"versionEndExcluding": "3.11.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F70645DE-4DC2-40CB-B425-4E002B302FDB",
"versionEndExcluding": "3.12.10",
"versionStartIncluding": "3.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B08CBD2C-6DA7-4C0F-9812-42933F51C003",
"versionEndExcluding": "3.13.5",
"versionStartIncluding": "3.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E74193-93FE-45FE-8C74-34EC30EEB03C",
"versionEndExcluding": "3.14.2",
"versionStartIncluding": "3.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en GitHub Enterprise Server a trav\u00e9s de una URL de un recurso cargado por un atacante, lo que le permite recuperar informaci\u00f3n de metadatos de un usuario que hace clic en la URL y explotarla para crear una p\u00e1gina de phishing convincente. Esto requer\u00eda que el atacante cargara archivos SVG maliciosos y enga\u00f1ara al usuario v\u00edctima para que hiciera clic en la URL del recurso cargado. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.14 y se corrigi\u00f3 en las versiones 3.14.2, 3.13.5, 3.12.10 y 3.11.16. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub."
}
],
"id": "CVE-2024-9539",
"lastModified": "2024-11-15T17:15:06.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "product-cna@github.com",
"type": "Secondary"
}
]
},
"published": "2024-10-11T18:15:08.887",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-17 19:15
Modified
2024-11-21 06:49
Severity ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | 3.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F2D1DF-18B6-41C7-9419-344903BB3329",
"versionEndExcluding": "3.3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD576A-8127-4831-B3C9-9E1458E073E8",
"versionEndExcluding": "3.4.11",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE47FDA8-4EA9-4C83-992B-A4364FB6B5D6",
"versionEndExcluding": "3.5.8",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F99D0124-5B44-46B1-9E7B-684D94301E08",
"versionEndExcluding": "3.6.4",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0AA188-F17E-4FED-98E9-10CAC3E9797E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server, lo que permite escalar privilegios en solicitudes de API GraphQL desde GitHub Apps. Esta vulnerabilidad permiti\u00f3 que una aplicaci\u00f3n instalada en una organizaci\u00f3n obtuviera acceso y modificara la mayor\u00eda de los recursos a nivel de la organizaci\u00f3n que no est\u00e1n vinculados a un repositorio, independientemente de los permisos otorgados, como usuarios y proyectos de toda la organizaci\u00f3n. Los recursos asociados con los repositorios no se vieron afectados, como el contenido de los archivos del repositorio, los proyectos espec\u00edficos del repositorio, los problemas o las solicitudes de extracci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.7.1 y se solucion\u00f3 en las versiones 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2022-23739",
"lastModified": "2024-11-21T06:49:12.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-17T19:15:11.340",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-16 19:15
Modified
2024-11-21 08:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB892F1A-3E3E-476E-8EBC-18FD7F5CB26D",
"versionEndExcluding": "3.8.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFE0544-DC34-4F4F-B803-AEBCF7B2B74F",
"versionEndExcluding": "3.9.8",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "319648B0-78F1-444D-A947-DB4E0BDFAC6E",
"versionEndExcluding": "3.10.5",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "107BE45D-EA6F-499B-872D-38883D296915",
"versionEndExcluding": "3.11.3",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Un atacante con acceso a una cuenta de usuario de Management Console con funci\u00f3n de editor podr\u00eda escalar privilegios a trav\u00e9s de una vulnerabilidad de inyecci\u00f3n de comandos en Management Console. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.11.3, 3.10.5, 3.9.8 y 3.8.13. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty."
}
],
"id": "CVE-2024-0507",
"lastModified": "2024-11-21T08:46:45.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T19:15:08.870",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-13 19:15
Modified
2024-11-21 08:50
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * | |
| github | enterprise_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF",
"versionEndExcluding": "3.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046",
"versionEndExcluding": "3.9.10",
"versionStartIncluding": "3.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D",
"versionEndExcluding": "3.10.7",
"versionStartIncluding": "3.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo a trav\u00e9s de plantillas n\u00f3madas al configurar las opciones SMTP. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
}
],
"id": "CVE-2024-1378",
"lastModified": "2024-11-21T08:50:26.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T19:15:10.760",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}