CVSS: 9.1EPSS: 3%CPEs: 4EXPL: 0CVE-2024-1378 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1378
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.1... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 4%CPEs: 4EXPL: 0CVE-2024-1374 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1374
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.1... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 4%CPEs: 4EXPL: 0CVE-2024-1372 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1372
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 6%CPEs: 4EXPL: 0CVE-2024-1369 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1369
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in ver... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 6%CPEs: 4EXPL: 0CVE-2024-1359 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1359
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 3%CPEs: 4EXPL: 0CVE-2024-1355 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1355
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in v... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 2%CPEs: 4EXPL: 0CVE-2024-1354 – Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
https://notcve.org/view.php?id=CVE-2024-1354
13 Feb 2024 — A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1082 – Path traversal vulnerability in GitHub Enterprise Server that allowed arbitrary file read with a specially crafted GitHub Pages artifact upload
https://notcve.org/view.php?id=CVE-2024-1082
13 Feb 2024 — A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15,... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1084
https://notcve.org/view.php?id=CVE-2024-1084
13 Feb 2024 — Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. Cross-Site Scripting en el campo... • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 44%CPEs: 4EXPL: 1CVE-2024-0507 – Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2024-0507
16 Jan 2024 — An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Un atacante con acceso a una cuenta de usuario de Management Console con función de editor podría escalar privilegios a través de una vulne... • https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •