Page 12 of 118 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de autorización/divulgación de información sensible en GitHub Enterprise Server que permitía a un fork conservar el acceso de lectura a un repositorio upstream después de cambiar su visibilidad a privada. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a la 3.10.0 y se solucionó en las versiones 3.9.4, 3.8.9, 3.7.16 y 3.6.18. • https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ . Se identificó una vulnerabilidad de comparación incorrecta en GitHub Enterprise Server que permitía el contrabando de commits mostrando un diff incorrecto en un Pull Request reabierto. Para explotar esta vulnerabilidad, un atacante necesitaría acceso de escritura al repositorio. • https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1 • CWE-697: Incorrect Comparison •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1 • CWE-697: Incorrect Comparison •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. • https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12 https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36867 •