Enterprise Server
by GitHub
CVEs (119)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-23734 | 0.00 | — | 0.02 | Oct 19, 2022 | A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that… |
| CVE-2022-23733 | 0.00 | — | 0.00 | Aug 2, 2022 | A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and… |
| CVE-2022-23732 | 0.00 | — | 0.02 | Apr 5, 2022 | A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively… |
| CVE-2021-41599 | 0.00 | — | 0.02 | Feb 17, 2022 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server… |
| CVE-2021-41598 | 0.00 | — | 0.01 | Jan 25, 2022 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to… |
| CVE-2021-22870 | 0.00 | — | 0.01 | Nov 10, 2021 | A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise… |
| CVE-2021-22868 | 0.00 | — | 0.01 | Sep 24, 2021 | A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub… |
| CVE-2021-22869 | 0.00 | — | 0.01 | Sep 24, 2021 | An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one… |
| CVE-2021-22867 | 0.00 | — | 0.01 | Jul 14, 2021 | A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub… |
| CVE-2021-22866 | 0.00 | — | 0.01 | May 14, 2021 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to… |
| CVE-2021-22865 | 0.00 | — | 0.01 | Apr 2, 2021 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To… |
| CVE-2021-22864 | 0.00 | — | 0.02 | Mar 23, 2021 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment… |
| CVE-2021-22863 | 0.00 | — | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this… |
| CVE-2021-22862 | 0.00 | — | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed… |
| CVE-2020-10519 | 0.00 | — | 0.03 | Mar 3, 2021 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to… |
| CVE-2021-22861 | 0.00 | — | 0.01 | Mar 3, 2021 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able… |
| CVE-2020-10517 | 0.00 | — | 0.01 | Aug 27, 2020 | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any… |
| CVE-2020-10518 | 0.00 | — | 0.04 | Aug 27, 2020 | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to… |
| CVE-2020-10516 | 0.00 | — | 0.02 | Jun 3, 2020 | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub… |