Vulnerabilities > Github > Enterprise Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-16 CVE-2024-6395 Unspecified vulnerability in Github Enterprise Server
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys.
network
low complexity
github
5.3
2024-02-13 CVE-2024-1082 Path Traversal vulnerability in Github Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball.
network
low complexity
github CWE-22
6.5
2024-02-13 CVE-2024-1084 Cross-site Scripting vulnerability in Github Enterprise Server
Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens.
network
low complexity
github CWE-79
6.1
2023-12-21 CVE-2023-46645 Path Traversal vulnerability in Github Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site.
network
low complexity
github CWE-22
4.9
2023-12-21 CVE-2023-46646 Authorization Bypass Through User-Controlled Key vulnerability in Github Enterprise Server
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint.
network
low complexity
github CWE-639
5.3
2023-12-21 CVE-2023-51379 Incorrect Authorization vulnerability in Github Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token.
network
low complexity
github CWE-863
4.9
2023-12-21 CVE-2023-51380 Incorrect Authorization vulnerability in Github Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
network
low complexity
github CWE-863
4.3
2023-12-21 CVE-2023-6746 Information Exposure Through Log Files vulnerability in Github Enterprise Server
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques.
network
high complexity
github CWE-532
5.7
2023-12-21 CVE-2023-6802 Information Exposure Through Log Files vulnerability in Github Enterprise Server
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console.
network
low complexity
github CWE-532
6.5
2023-12-21 CVE-2023-6803 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server
A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred.
local
high complexity
github CWE-367
4.0