Unrated severityNVD Advisory· Published Apr 17, 2025· Updated Apr 18, 2025
Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private repository names
CVE-2025-3124
Description
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the archived: filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.17+ 1 more
- (no CPE)range: <3.17
- (no CPE)range: 3.13.0
Patches
Vulnerability mechanics
References
4- docs.github.com/en/enterprise-server@3.13/admin/release-notesmitrerelease-notes
- docs.github.com/en/enterprise-server@3.14/admin/release-notesmitrerelease-notes
- docs.github.com/en/enterprise-server@3.15/admin/release-notesmitrerelease-notes
- docs.github.com/en/enterprise-server@3.16/admin/release-notesmitrerelease-notes
News mentions
0No linked articles in our index yet.