Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
github enterprise server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed th...
Github Github 3.0.0
6.3
CVSSv3
CVE-2017-1000091
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access ...
Jenkins Github Branch Source 1.1
Jenkins Github Branch Source 1.2
Jenkins Github Branch Source 1.3
Jenkins Github Branch Source 1.4
Jenkins Github Branch Source 0.1
Jenkins Github Branch Source 1.0
Jenkins Github Branch Source 1.6
Jenkins Github Branch Source 2.0.0
Jenkins Github Branch Source 2.0.1
Jenkins Github Branch Source 2.0.2
Jenkins Github Branch Source 2.0.4
Jenkins Github Branch Source 2.2.0
Jenkins Github Branch Source 1.8
Jenkins Github Branch Source 1.8.1
Jenkins Github Branch Source 1.9
Jenkins Github Branch Source 1.10
Jenkins Github Branch Source 2.0.5
Jenkins Github Branch Source 2.0.6
Jenkins Github Branch Source 2.0.7
Jenkins Github Branch Source 1.5
Jenkins Github Branch Source 1.7
Jenkins Github Branch Source 2.0.3
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
127 Github repositories
5.7
CVSSv3
CVE-2023-6746
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would...
Github Enterprise Server
Github Enterprise Server 3.11.0
5.7
CVSSv3
CVE-2022-23738
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance...
Github Enterprise Server
5.5
CVSSv3
CVE-2023-6804
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed...
Github Enterprise Server
Github Enterprise Server 3.11.0
5.4
CVSSv3
CVE-2022-23733
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server before 3.6 and...
Github Enterprise Server
5.3
CVSSv3
CVE-2023-46646
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This v...
Github Enterprise Server
5.3
CVSSv3
CVE-2023-23763
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterpris...
Github Enterprise Server
5.3
CVSSv3
CVE-2023-23761
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vu...
Github Enterprise Server 3.8.0
Github Enterprise Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »