Vulnerabilities > Github > Enterprise Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-9539 Unspecified vulnerability in Github Enterprise Server
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page.
network
low complexity
github
4.3
2024-09-23 CVE-2024-8770 Cross-site Scripting vulnerability in Github Enterprise Server
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
network
low complexity
github CWE-79
6.1
2024-08-20 CVE-2024-6337 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository.
network
low complexity
github CWE-863
6.5
2024-08-20 CVE-2024-7711 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository.
network
low complexity
github CWE-863
4.3
2024-07-16 CVE-2024-5566 Unspecified vulnerability in Github Enterprise Server
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token.
network
low complexity
github
6.5
2024-07-16 CVE-2024-5795 Resource Exhaustion vulnerability in Github Enterprise Server
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server.
network
low complexity
github CWE-400
6.5
2024-07-16 CVE-2024-5815 Cross-Site Request Forgery (CSRF) vulnerability in Github Enterprise Server
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types.
network
low complexity
github CWE-352
6.5
2024-07-16 CVE-2024-5816 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token.
network
low complexity
github CWE-863
5.3
2024-07-16 CVE-2024-5817 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects.
network
low complexity
github CWE-863
6.5
2024-07-16 CVE-2024-6336 Unspecified vulnerability in Github Enterprise Server
A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature.
network
low complexity
github
5.3