Vulnerabilities > Github > Enterprise Server > 2.1.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-9539 | Unspecified vulnerability in Github Enterprise Server An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. | 4.3 |
| 2024-10-10 | CVE-2024-9487 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. | 9.1 |
| 2024-02-13 | CVE-2024-1082 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. | 6.5 |
| 2024-02-13 | CVE-2024-1084 | Cross-site Scripting vulnerability in Github Enterprise Server Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. | 6.1 |
| 2024-02-13 | CVE-2024-1354 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. | 8.0 |
| 2024-02-13 | CVE-2024-1355 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. | 9.1 |
| 2024-02-13 | CVE-2024-1359 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. | 9.1 |
| 2024-02-13 | CVE-2024-1369 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. | 9.1 |
| 2024-02-13 | CVE-2024-1372 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. | 9.1 |
| 2024-02-13 | CVE-2024-1374 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. | 9.1 |