VYPR

Enterprise Server

by GitHub

CVEs (119)

  • CVE-2024-1378Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability…

  • CVE-2024-1374Feb 13, 2024
    risk 0.00cvss epss 0.03

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this…

  • CVE-2024-1372Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the…

  • CVE-2024-1369Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this…

  • CVE-2024-1359Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the…

  • CVE-2024-1355Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of…

  • CVE-2024-1354Feb 13, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required…

  • CVE-2024-1082Feb 13, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this…

  • CVE-2024-1084Feb 13, 2024
    risk 0.00cvss epss 0.00

    Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This…

  • CVE-2023-6847Dec 21, 2023
    risk 0.00cvss epss 0.01

    An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured…

  • CVE-2023-51380Dec 21, 2023
    risk 0.00cvss epss 0.00

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12,…

  • CVE-2023-51379Dec 21, 2023
    risk 0.00cvss epss 0.01

    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and…

  • CVE-2023-46648Dec 21, 2023
    risk 0.00cvss epss 0.01

    An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending.…

  • CVE-2023-46649Dec 21, 2023
    risk 0.00cvss epss 0.00

    A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in…

  • CVE-2023-6804Dec 21, 2023
    risk 0.00cvss epss 0.00

    Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was…

  • CVE-2023-6803Dec 21, 2023
    risk 0.00cvss epss 0.00

    A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

  • CVE-2023-6802Dec 21, 2023
    risk 0.00cvss epss 0.01

    An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise…

  • CVE-2023-6746Dec 21, 2023
    risk 0.00cvss epss 0.01

    An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker…

  • CVE-2023-46645Dec 21, 2023
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise…

  • CVE-2023-6690Dec 21, 2023
    risk 0.00cvss epss 0.00

    A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and…

Page 4 of 6