Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Enterprise Server

Source -

CNA

CNA CVEs -

53

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
53Vulnerabilities found
CVE-2023-23761
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-7.7||HIGH
EPSS-0.07% / 22.42%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 18:41
Updated-07 Feb, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-287
Improper Authentication
CVE-2023-23760
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-4.9||MEDIUM
EPSS-0.43% / 61.66%
||
7 Day CHG~0.00%
Published-08 Mar, 2023 | 18:43
Updated-28 Feb, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal in GitHub Enterprise Server leading to remote code execution

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-22381
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-4.1||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 20:54
Updated-05 Mar, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • Next