📦 Enterprise Server
by GitHub
🛡️ Security Overview
⚠️ Known Vulnerabilities
An authenticated attacker on GitHub Enterprise Server could exploit an insecure URL redirect in the repository_pages API to leak privileged JWT tokens. This could lead to remote code execution by usin...
This DOM-based XSS vulnerability in GitHub Enterprise Server allows attackers to execute malicious scripts when users click crafted links in Issues search label filters. It affects all GitHub Enterpri...
This CVE describes a path collision vulnerability in GitHub Enterprise Server that allows container escape and arbitrary code execution with root privileges. It affects all versions prior to 3.15 and ...
This vulnerability allows attackers to bypass SAML SSO authentication in GitHub Enterprise Server by exploiting improper cryptographic signature verification. Attackers can provision unauthorized user...
An XML signature wrapping vulnerability in GitHub Enterprise Server's SAML authentication allows attackers with network access to forge SAML responses and gain administrator access without authenticat...
This CVE describes an authentication bypass vulnerability in GitHub Enterprise Server when using SAML SSO with encrypted assertions. Attackers can forge SAML responses to create or access site adminis...
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary commands and gain admin SSH access to the applianc...
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to gain admin SSH access to the appliance. This occurs when setting use...
A command injection vulnerability in GitHub Enterprise Server allows authenticated users with editor role in the Management Console to execute arbitrary commands and gain admin SSH access when configu...
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary commands and gain admin SSH access via the actions...
This CVE describes a privilege escalation vulnerability in GitHub Enterprise Server where authenticated enterprise administrators could gain root SSH access by exploiting symlink escape in pre-receive...
A cross-site scripting vulnerability in GitHub Enterprise Server allows attackers to inject malicious scripts into math blocks using $$..$$ delimiters. This affects organizations running GitHub Enterp...
A code injection vulnerability in GitHub Enterprise Server allows attackers to inject malicious code via the identity property in message handling, enabling DOM manipulation and sensitive data exfiltr...
This vulnerability allows unauthorized internal users to spoof cryptographic signatures in GitHub Enterprise Server, potentially bypassing authentication mechanisms. It affects organizations using SAM...
This CVE describes a Denial of Service vulnerability in GitHub Enterprise Server where an attacker can send a large payload to the Git server, causing unbounded resource exhaustion. This affects all o...
A Server-Side Request Forgery vulnerability in GitHub Enterprise Server allows authenticated site administrators to execute arbitrary code on the server instance. This affects all GitHub Enterprise Se...
A command injection vulnerability in GitHub Enterprise Server allows attackers with editor role access to the Management Console to execute arbitrary commands and gain admin SSH access when configurin...
A command injection vulnerability in GitHub Enterprise Server allows authenticated users with editor role in the Management Console to execute arbitrary commands and gain admin SSH access via syslog-n...
An unsafe reflection vulnerability in GitHub Enterprise Server allows authenticated organization owners to execute arbitrary methods, potentially leading to remote code execution. This affects all Git...
This CVE describes an authentication bypass vulnerability in GitHub Enterprise Server's Private Mode. Attackers with network access can craft API requests to bypass authentication and access private r...
CVE-2023-6746 is an information disclosure vulnerability in GitHub Enterprise Server where sensitive data is logged, potentially enabling man-in-the-middle attacks when combined with phishing. It affe...
This vulnerability allows users with authorized access to the management console with an editor role in GitHub Enterprise Server to escalate their privileges by exploiting an endpoint used for bootstr...
An improper authentication vulnerability in GitHub Enterprise Server allows unauthorized users to modify other users' secret gists by authenticating through an SSH certificate authority. This affects ...
This CVE describes a UI misrepresentation vulnerability in GitHub Enterprise Server where GitHub Apps could gain additional user-level permissions without displaying them to users during repository up...
This CVE describes a UI misrepresentation vulnerability in GitHub Enterprise Server where users granting authorization to GitHub Apps might unknowingly approve additional permissions not displayed dur...
This CVE describes a remote code execution vulnerability in GitHub Enterprise Server where attackers with permission to create GitHub Pages sites could manipulate configuration options to override env...
A Missing Authorization vulnerability in GitHub Enterprise Server allows authenticated attackers to upload unauthorized content to other users' repository migration exports. By exploiting the missing ...
This is a cross-site scripting (XSS) vulnerability in GitHub Enterprise Server's filter/search components that allows attackers with permission to create or modify certain entities (milestones, issues...
An incorrect authorization vulnerability in GitHub Enterprise Server allowed contractor accounts to read internal repository contents when the Contractors API feature was enabled. This affected all ve...
A GitHub App installed in organizations could escalate permissions from read to write access without administrator approval. This vulnerability affects all GitHub Enterprise Server versions prior to 3...
A Cross-Site Scripting (XSS) vulnerability in GitHub Enterprise Server's repository transfer feature allows attackers to inject malicious scripts that can steal sensitive user information through soci...
A suspended GitHub App could retain unauthorized access to public repositories via scoped user access tokens in GitHub Enterprise Server. This incorrect authorization vulnerability affects all GitHub ...
A security misconfiguration in GitHub Enterprise Server allowed unauthorized users to access sensitive information when an organization member changed a dependent repository from private to public. Th...