Vulnerabilities > Github > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-16 | CVE-2024-6395 | Unspecified vulnerability in Github Enterprise Server An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. | 5.3 |
| 2024-02-22 | CVE-2024-25129 | XXE vulnerability in Github Codeql CLI The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). | 5.5 |
| 2024-02-14 | CVE-2024-1482 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. | 6.5 |
| 2024-02-13 | CVE-2024-1082 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. | 6.5 |
| 2024-02-13 | CVE-2024-1084 | Cross-site Scripting vulnerability in Github Enterprise Server Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. | 6.1 |
| 2023-12-21 | CVE-2023-46645 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. | 4.9 |
| 2023-12-21 | CVE-2023-46646 | Authorization Bypass Through User-Controlled Key vulnerability in Github Enterprise Server Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. | 5.3 |
| 2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | 4.9 |
| 2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 4.3 |
| 2023-12-21 | CVE-2023-6746 | Information Exposure Through Log Files vulnerability in Github Enterprise Server An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. | 5.7 |