GitHub Enterprise Server 3.9.0
cpe:2.3:a:github:enterprise_server:3.9.0:*:*:*:*:*:*:*
part: a version: 3.9.0 update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | Enterprise Server (be636c4e-08d4-5a4d-9a30-88523db2c7b7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-3646 | vulnerable | 2026-06-03 14:56:31.562978 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console<br>HIGH (8)<br>A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.<br>Published: 2024-04-19T14:21:47.779Z<br>Updated: 2024-08-01T20:20:00.135Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-2440 | vulnerable | 2026-06-03 14:55:29.248181 | Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions<br>MEDIUM (5.5)<br>A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.<br>Published: 2024-04-19T17:02:29.144Z<br>Updated: 2024-08-01T19:11:53.576Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-23765 | vulnerable | 2026-06-03 14:49:28.618133 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling<br>MEDIUM (4.8)<br>An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .<br>Published: 2023-08-30T22:33:40.932Z<br>Updated: 2024-09-27T14:22:23.490Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-23764 | vulnerable | 2026-06-03 14:49:28.617552 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling<br>MEDIUM (4.8)<br>An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.<br>Published: 2023-07-27T20:45:19.973Z<br>Updated: 2024-10-16T20:11:49.691Z | Imported from gcve-enriched-dumps CVE data |