CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2748 – CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user
https://notcve.org/view.php?id=CVE-2024-2748
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de Cross Site Request Forgery en GitHub Enterprise Server que permitió a un atacante ejecutar acciones no autorizadas en nombre de un usuario desprevenido. • https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-2469 – Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance
https://notcve.org/view.php?id=CVE-2024-2469
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. Un atacante con función de administrador en GitHub Enterprise Server podría obtener acceso raíz SSH mediante la ejecución remota de código. Esta vulnerabilidad afectó a GitHub Enterprise Server versión 3.8.0 y superiores y se solucionó en las versiones 3.8.17, 3.9.12, 3.10.9, 3.11.7 y 3.12.1. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-51380 – Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2023-51380
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitía leer los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucionó en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 • CWE-863: Incorrect Authorization •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-51379 – Incorrect Authorization for Issue Comments in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2023-51379
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitía actualizar los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad no permitía el acceso no autorizado a ningún contenido del repositorio, ya que también requería permisos de contenido: problemas de lectura y escritura. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6746 – Sensitive Information in Log File in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2023-6746
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Se identificó una vulnerabilidad de inserción de información confidencial en el archivo de registro en los archivos de registro de un servicio back-end de GitHub Enterprise Server que podría permitir un ataque de "adversary in the middle" cuando se combina con otras técnicas de phishing. Para explotar esto, un atacante necesitaría acceso a los archivos de registro del dispositivo GitHub Enterprise Server, un archivo de respaldo creado con GitHub Enterprise Server Backup Utilities o un servicio que recibiera registros transmitidos. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 • CWE-532: Insertion of Sensitive Information into Log File •