Github Enterprise Server
Approved changes feed: RSS · Atom
cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | Enterprise Server (be636c4e-08d4-5a4d-9a30-88523db2c7b7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-6800 |
not_vulnerable | 2026-06-03 14:58:04.196376 |
Details available
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-08-20T19:21:31.409Z
Updated: 2024-08-22T14:18:09.305Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4985 |
vulnerable | 2026-06-03 14:57:16.661956 |
Details available
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-05-20T21:17:27.315Z
Updated: 2024-08-01T20:55:10.505Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3684 |
vulnerable | 2026-06-03 14:56:31.729575 |
Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
HIGH (8)
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.12.2, 3.11.8, 3.10.10, and 3.9.13. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-04-19T14:25:24.638Z
Updated: 2024-08-01T20:20:00.537Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3470 |
vulnerable | 2026-06-03 14:56:24.453999 |
Repository administrator can bypass organization's ruleset using deploy keys
MEDIUM (5.9)
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-04-19T14:17:47.071Z
Updated: 2024-08-01T20:12:07.311Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2469 |
vulnerable | 2026-06-03 14:55:29.327512 |
Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance
HIGH (8)
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-03-20T22:56:03.451Z
Updated: 2025-04-10T20:16:44.625Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1369 |
vulnerable | 2026-06-03 14:54:26.789871 |
Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
CRITICAL (9.1)
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .
Published: 2024-02-13T18:53:29.406Z
Updated: 2024-08-27T19:10:24.405Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0507 |
vulnerable | 2026-06-03 14:54:02.862408 |
Privilege Escalation by Code Injection in the Management Console in GitHub Enterprise Server
MEDIUM (6.5)
An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-01-16T18:51:28.374Z
Updated: 2024-10-22T15:50:55.430Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0200 |
vulnerable | 2026-06-03 14:54:01.880518 |
Unsafe Reflection in Github Enterprise Server leading to Command Injection
HIGH (7.2)
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-01-16T18:50:48.931Z
Updated: 2024-08-01T17:41:16.005Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.