Vulnerabilities > Github > Enterprise Server > 3.11.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-1369 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. | 9.1 |
| 2024-02-13 | CVE-2024-1372 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. | 9.1 |
| 2024-02-13 | CVE-2024-1374 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. | 9.1 |
| 2024-02-13 | CVE-2024-1378 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. | 9.1 |
| 2024-01-16 | CVE-2024-0200 | Unsafe Reflection vulnerability in Github Enterprise Server An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. | 9.8 |
| 2024-01-16 | CVE-2024-0507 | Command Injection vulnerability in Github Enterprise Server An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. | 8.8 |
| 2023-12-21 | CVE-2023-46648 | Insufficient Entropy vulnerability in Github Enterprise Server An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. | 7.5 |
| 2023-12-21 | CVE-2023-46649 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. | 7.0 |
| 2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | 4.9 |
| 2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 4.3 |