Vulnerabilities > Github > Enterprise Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-23741 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. | 7.2 |
| 2022-12-14 | CVE-2022-46255 | Path Traversal vulnerability in Github Enterprise Server 3.7.0 An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. | 9.8 |
| 2022-12-14 | CVE-2022-46256 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. | 8.8 |
| 2022-12-01 | CVE-2022-23737 | Improper Privilege Management vulnerability in Github Enterprise Server An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. | 6.5 |
| 2022-11-23 | CVE-2022-23740 | Argument Injection or Modification vulnerability in Github Enterprise Server 3.7.0 CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. | 8.8 |
| 2022-11-01 | CVE-2022-23738 | Files or Directories Accessible to External Parties vulnerability in Github Enterprise Server An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. | 5.7 |
| 2022-10-19 | CVE-2022-23734 | Deserialization of Untrusted Data vulnerability in Github Enterprise Server A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. | 8.8 |
| 2022-08-02 | CVE-2022-23733 | Cross-site Scripting vulnerability in Github Enterprise Server A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. | 5.4 |
| 2022-04-05 | CVE-2022-23732 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. | 8.8 |
| 2022-02-18 | CVE-2021-41599 | Unspecified vulnerability in Github Enterprise Server A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. | 8.8 |