CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8810 – Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access
https://notcve.org/view.php?id=CVE-2024-8810
07 Nov 2024 — A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17 • CWE-269: Improper Privilege Management •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10824 – Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data
https://notcve.org/view.php?id=CVE-2024-10824
07 Nov 2024 — An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2. • https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.2 • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10007 – Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-10007
07 Nov 2024 — A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9539
https://notcve.org/view.php?id=CVE-2024-9539
11 Oct 2024 — An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.1... • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.5EPSS: 36%CPEs: 4EXPL: 0CVE-2024-9487 – An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled
https://notcve.org/view.php?id=CVE-2024-9487
10 Oct 2024 — An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed... • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8263
https://notcve.org/view.php?id=CVE-2024-8263
23 Sep 2024 — An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tag... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17 • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8770
https://notcve.org/view.php?id=CVE-2024-8770
23 Sep 2024 — A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitH... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6800
https://notcve.org/view.php?id=CVE-2024-6800
20 Aug 2024 — An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all vers... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6337 – Incorrect Authorization allows read access to issues in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2024-6337
20 Aug 2024 — An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the Git... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-7711
https://notcve.org/view.php?id=CVE-2024-7711
20 Aug 2024 — An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 • CWE-863: Incorrect Authorization •