Vulnerabilities > Github > Enterprise Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-21 | CVE-2023-6804 | Improper Privilege Management vulnerability in Github Enterprise Server Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. | 5.5 |
2023-09-22 | CVE-2023-23766 | Incorrect Comparison vulnerability in Github Enterprise Server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. | 6.5 |
2023-09-01 | CVE-2023-23763 | Missing Authorization vulnerability in Github Enterprise Server An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. | 5.3 |
2023-08-30 | CVE-2023-23765 | Incorrect Comparison vulnerability in Github Enterprise Server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. | 6.5 |
2023-04-07 | CVE-2023-23761 | Improper Authentication vulnerability in Github Enterprise Server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. | 5.3 |
2023-04-07 | CVE-2023-23762 | Incorrect Comparison vulnerability in Github Enterprise Server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. | 5.3 |
2023-03-07 | CVE-2022-46257 | Exposure of Resource to Wrong Sphere vulnerability in Github Enterprise Server An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. | 4.3 |
2023-02-16 | CVE-2023-22380 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. | 6.5 |
2023-01-09 | CVE-2022-46258 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. | 6.5 |
2022-12-01 | CVE-2022-23737 | Improper Privilege Management vulnerability in Github Enterprise Server An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. | 6.5 |