VYPR

Enterprise Server

by GitHub

CVEs (119)

  • CVE-2022-23734Oct 19, 2022
    risk 0.00cvss epss 0.02

    A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that…

  • CVE-2022-23733Aug 2, 2022
    risk 0.00cvss epss 0.00

    A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and…

  • CVE-2022-23732Apr 5, 2022
    risk 0.00cvss epss 0.02

    A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively…

  • CVE-2021-41599Feb 17, 2022
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server…

  • CVE-2021-41598Jan 25, 2022
    risk 0.00cvss epss 0.01

    A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to…

  • CVE-2021-22870Nov 10, 2021
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise…

  • CVE-2021-22868Sep 24, 2021
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub…

  • CVE-2021-22869Sep 24, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one…

  • CVE-2021-22867Jul 14, 2021
    risk 0.00cvss epss 0.01

    A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub…

  • CVE-2021-22866May 14, 2021
    risk 0.00cvss epss 0.01

    A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to…

  • CVE-2021-22865Apr 2, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To…

  • CVE-2021-22864Mar 23, 2021
    risk 0.00cvss epss 0.02

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment…

  • CVE-2021-22863Mar 3, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this…

  • CVE-2021-22862Mar 3, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed…

  • CVE-2020-10519Mar 3, 2021
    risk 0.00cvss epss 0.03

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to…

  • CVE-2021-22861Mar 3, 2021
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able…

  • CVE-2020-10517Aug 27, 2020
    risk 0.00cvss epss 0.01

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any…

  • CVE-2020-10518Aug 27, 2020
    risk 0.00cvss epss 0.04

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to…

  • CVE-2020-10516Jun 3, 2020
    risk 0.00cvss epss 0.02

    An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub…

Page 6 of 6