enterprise server · threatengine.sh

Home/Product/github enterprise server

Product

github enterprise server

157 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

>= 3.19.1 and < 3.19.6

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could a

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause ser

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to crea

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract

An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to deter

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authentica

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a clas

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cross-site scr

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker w

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repos

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pu

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized c

An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sen

>= 3.14.0 and < 3.14.20

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allow

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to in

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scri

>= 3.14.0 and < 3.14.20

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any reposito

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor

>= 3.17.0 and < 3.17.2

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disc

A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private r

A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signatur

>= 3.10.0 and < 3.10.17

A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organiza

>= 3.13.0 and < 3.13.2

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to acces

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container esca

An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the at

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO

>= 3.10.0 and < 3.10.17

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which al

>= 3.10.0 and < 3.10.17

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through

>= 3.11.0 and < 3.11.14

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, ass

>= 3.10.0 and < 3.10.16

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specifi

>= 3.10.0 and < 3.10.16

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: r

>= 3.9.0 and < 3.9.17

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of p

>= 3.9.0 and < 3.9.17

A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized use

>= 3.9.0 and < 3.9.17

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via

>= 3.9.0 and < 3.9.17

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain

>= 3.9.0 and < 3.9.17

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by ex

>= 3.9.0 and < 3.9.17

A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource

>= 3.9.0 and < 3.9.17

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes def

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Admi

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authe

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor rol

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

>= 3.11.0 and < 3.11.8

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Ent

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthor

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vul

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

>= 3.8.0 and < 3.9.10

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branche

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the M

Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious websi

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read perm

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command inje

>= 3.8.0 and < 3.8.13

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulner

>= 3.9.0 and < 3.9.7

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using

>= 3.8.0 and < 3.8.12

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this,

>= 3.8.0 and < 3.8.12

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. T

>= 3.8.0 and < 3.8.12

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could al

>= 3.7.0 and < 3.7.19

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server b

>= 3.8.0 and < 3.8.12

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by maki

>= 3.7.0 and < 3.7.19

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an

>= 3.7.0 and < 3.7.19

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with

>= 3.7.0 and < 3.7.19

A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an

>= 3.8.0 and < 3.8.12

An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a

>= 3.8.0 and < 3.8.12

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management co

>= 3.7.0 and < 3.7.19

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via

>= 3.7.0 and < 3.7.19

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitH

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, En

>= 3.6.0 and < 3.6.18

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to

>= 3.6.0 and < 3.6.16

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in

>= 3.7.0 and < 3.7.9

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used i

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an in

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify o

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHu

>= 3.3.0 and < 3.3.17

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added t

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables fro

>= 3.7.0 and < 3.7.6

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitH

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in Grap

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with re

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHu

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabl

An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privile

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server

>= 3.2.0 and < 3.2.20

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access privat

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote

>= 3.3.0 and < 3.3.11

A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This inj

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF prote

>= 3.0.0 and < 3.0.21

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pa

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to r

>= 3.0.0 and < 3.0.16

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner gro

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages sit

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages sit

>= 2.20.0 and < 2.22.13

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a Gi

>= 2.21.0 and < 2.21.17

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pa

Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to vers

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all versio

Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, versio

servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XS

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3,

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Ent

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise De

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Fo

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows r

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows r

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows r

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows r

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, whic

BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during excep

BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, En

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, a

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1)

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code v

The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Aut

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6,

The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG c

The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories und

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a

Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing t

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for

Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack usin

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTT

Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attacke

Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

Netscape Enterprise servers may list files through the PageServices query.

Information from SSL-encrypted sessions via PKCS #1.

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

List of arbitrary files on Web host via nph-test-cgi script.

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin