Vulnerabilities > Github > Enterprise Server > 3.9.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-11 | CVE-2024-9539 | Unspecified vulnerability in Github Enterprise Server An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. | 4.3 |
| 2024-10-10 | CVE-2024-9487 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. | 9.1 |
| 2024-07-16 | CVE-2024-5566 | Unspecified vulnerability in Github Enterprise Server An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. | 6.5 |
| 2024-07-16 | CVE-2024-5795 | Resource Exhaustion vulnerability in Github Enterprise Server A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. | 6.5 |
| 2024-07-16 | CVE-2024-5815 | Cross-Site Request Forgery (CSRF) vulnerability in Github Enterprise Server A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. | 6.5 |
| 2024-07-16 | CVE-2024-5816 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. | 5.3 |
| 2024-07-16 | CVE-2024-5817 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. | 6.5 |
| 2024-07-16 | CVE-2024-6336 | Unspecified vulnerability in Github Enterprise Server A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. | 5.3 |
| 2024-07-16 | CVE-2024-6395 | Unspecified vulnerability in Github Enterprise Server An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. | 5.3 |
| 2024-02-14 | CVE-2024-1482 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. | 6.5 |