Vulnerabilities > Github > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-14 CVE-2024-52308 Unspecified vulnerability in Github CLI
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands.
network
low complexity
github
critical
9.6
2024-10-10 CVE-2024-9487 Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance.
network
low complexity
github CWE-347
critical
9.1
2024-08-20 CVE-2024-6800 Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML.
network
low complexity
github CWE-347
critical
9.8
2024-02-13 CVE-2024-1355 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1359 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1369 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1372 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1374 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1378 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options.
network
low complexity
github CWE-77
critical
9.1
2024-01-16 CVE-2024-0200 Unsafe Reflection vulnerability in Github Enterprise Server
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection.
network
low complexity
github CWE-470
critical
9.8