Enterprise Server
Monthly
GitHub Enterprise Server allows authenticated users with limited personal access tokens to access private and internal repository data through the search API if they already have some level of access to those repositories via organization membership or collaborator status. This authorization bypass affects versions prior to 3.20 and enables information disclosure despite the tokens lacking the necessary repository scope permissions. No patch is currently available for this MEDIUM severity vulnerability.
DOM-based XSS in GitHub Enterprise Server prior to version 3.20 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious HTML through task list content in issues and pull requests. The vulnerability stems from improper input neutralization in the task list rendering logic, which fails to re-encode user-supplied content before display. An attacker with repository access could exploit this to steal session tokens or perform actions on behalf of other users.
Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.
GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.
GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoint that permits authenticated attackers to inject malicious content into other users' migration exports. An attacker can overwrite a victim's migration archive and cause them to download compromised repository data during restoration or automated imports. No patch is currently available, affecting all versions prior to 3.20.
URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.
An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. [CVSS 5.4 MEDIUM]
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable. No vendor patch available.
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 11.8% and no vendor patch available.
GitHub Enterprise Server allows authenticated users with limited personal access tokens to access private and internal repository data through the search API if they already have some level of access to those repositories via organization membership or collaborator status. This authorization bypass affects versions prior to 3.20 and enables information disclosure despite the tokens lacking the necessary repository scope permissions. No patch is currently available for this MEDIUM severity vulnerability.
DOM-based XSS in GitHub Enterprise Server prior to version 3.20 allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by injecting malicious HTML through task list content in issues and pull requests. The vulnerability stems from improper input neutralization in the task list rendering logic, which fails to re-encode user-supplied content before display. An attacker with repository access could exploit this to steal session tokens or perform actions on behalf of other users.
Remote code execution in GitHub Enterprise Server allows authenticated users with repository push access to execute arbitrary code via unsanitized push option values that bypass internal header validation. An attacker can inject malicious metadata fields by exploiting insufficient input sanitization in the git push operation handler. This high-severity vulnerability affects GitHub Enterprise Server versions prior to 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3, with no patch currently available for all affected installations.
GitHub Enterprise Server allows users with read-only repository access and project write permissions to modify issue and pull request metadata by exploiting insufficient authorization checks when updating project items. An attacker with these limited permissions can alter sensitive metadata without the required repository write access, potentially disrupting workflow management and data integrity. This vulnerability affects multiple versions and currently has no publicly available patch.
GitHub Enterprise Server versions before 3.20 contain an authorization bypass in the repository migration upload endpoint that permits authenticated attackers to inject malicious content into other users' migration exports. An attacker can overwrite a victim's migration archive and cause them to download compromised repository data during restoration or automated imports. No patch is currently available, affecting all versions prior to 3.20.
URL redirection vulnerability in GitHub Enterprise Server allows attacker-controlled redirects through crafted URLs, potentially enabling credential theft via phishing.
An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. [CVSS 5.4 MEDIUM]
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable. No vendor patch available.
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 11.8% and no vendor patch available.