CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.

CVSS

No CVSS.

References

Link	Resource
https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2

Configurations

No configuration.

History

03 Jul 2025, 15:14

Type	Values Removed	Values Added
Summary		(es) Se identificó una vulnerabilidad de exposición de información confidencial en GitHub Enterprise Server que podría permitir a un atacante divulgar los nombres de repositorios privados dentro de una organización. Este problema podría explotarse mediante un token de usuario a servidor sin alcances a través del endpoint de la API de búsqueda. Para explotarlo con éxito, el administrador de la organización tuvo que instalar una aplicación maliciosa de GitHub en los repositorios de la organización. Esta vulnerabilidad afectó únicamente a la versión 3.17 de GitHub Enterprise Server y se solucionó en la versión 3.17.2. La vulnerabilidad se reportó a través del programa de recompensas por errores de GitHub.

01 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-01 19:15

Updated : 2025-07-03 15:14

NVD link : CVE-2025-6600

Mitre link : CVE-2025-6600

CVE.ORG link : CVE-2025-6600

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-6600", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "product-cna@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-01T19:15:28.003", "references": [{"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.2", "source": "product-cna@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "product-cna@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization\u2019s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial en GitHub Enterprise Server que podr\u00eda permitir a un atacante divulgar los nombres de repositorios privados dentro de una organizaci\u00f3n. Este problema podr\u00eda explotarse mediante un token de usuario a servidor sin alcances a trav\u00e9s del endpoint de la API de b\u00fasqueda. Para explotarlo con \u00e9xito, el administrador de la organizaci\u00f3n tuvo que instalar una aplicaci\u00f3n maliciosa de GitHub en los repositorios de la organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 \u00fanicamente a la versi\u00f3n 3.17 de GitHub Enterprise Server y se solucion\u00f3 en la versi\u00f3n 3.17.2. La vulnerabilidad se report\u00f3 a trav\u00e9s del programa de recompensas por errores de GitHub."}], "lastModified": "2025-07-03T15:14:12.767", "sourceIdentifier": "product-cna@github.com"}