Filtered by vendor Github
Subscribe
Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6803 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 5.8 MEDIUM |
| A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6802 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 7.2 HIGH |
| An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6690 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 3.9 LOW |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-46649 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-46648 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 8.3 HIGH |
| An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-46647 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 8.0 HIGH |
| Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | |||||
| CVE-2023-46645 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 6.8 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-37463 | 1 Github | 1 Cmark-gfm | 2024-11-21 | N/A | 6.4 MEDIUM |
| cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. | |||||
| CVE-2023-36867 | 1 Github | 1 Pull Requests And Issues | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | |||||
| CVE-2023-23766 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.5 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23765 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.8 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ . | |||||
| CVE-2023-23763 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23762 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23761 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 7.7 HIGH |
| An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23760 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.9 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-22486 | 1 Github | 1 Cmark-gfm | 2024-11-21 | N/A | 3.5 LOW |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. | |||||
| CVE-2023-22485 | 1 Github | 1 Cmark-gfm | 2024-11-21 | N/A | 5.3 MEDIUM |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7. | |||||
| CVE-2023-22484 | 1 Github | 1 Cmark-gfm | 2024-11-21 | N/A | 3.5 LOW |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. | |||||
| CVE-2023-22483 | 1 Github | 1 Cmark-gfm | 2024-11-21 | N/A | 3.5 LOW |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7. | |||||
| CVE-2023-22381 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.1 MEDIUM |
| A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||