Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github enterprise vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23766
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of...
Github Enterprise Server 3.10.0
Github Enterprise Server
NA
CVE-2023-6746
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-6802
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an malicious user to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterpri...
Github Enterprise Server
Github Enterprise Server 3.11.0
2 Github repositories
NA
CVE-2023-6804
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed...
Github Enterprise Server
Github Enterprise Server 3.11.0
NA
CVE-2023-23761
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vu...
Github Enterprise Server 3.8.0
Github Enterprise Server
NA
CVE-2023-23765
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was...
Github Enterprise Server 3.9.0
Github Enterprise Server
NA
CVE-2022-23733
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server before 3.6 and...
Github Enterprise Server
6.8
CVSSv2
CVE-2022-23732
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively ...
Github Enterprise Server
NA
CVE-2023-46645
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Serve...
Github Enterprise Server
NA
CVE-2023-46647
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affe...
Github Enterprise Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »