GitHub Enterprise Vulnerability List
Found 6 vulnerabilities related to GitHub Enterprise
- CVE-2024-9487: GitHub Enterprise - SAML Authentication Bypass [POC]
  An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.
- CVE-2024-0200: GitHub Enterprise Authenticated Remote Code Execution [POC]
  An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.
- GitHub GitHub Enterprise Server Improper Signature Verification Vulnerability [No POC]
  GitHub GitHub Enterprise Server improper signature verification vulnerability
- GitHub Enterprise Server Unauthorized Authentication Flaw Vulnerability [No POC]
  GitHub Enterprise Server unauthorized authentication flaw vulnerability
- GitHub Enterprise Server Remote Code Execution Vulnerability [No POC]
  GitHub Enterprise Server remote code execution vulnerability
- GitHub Enterprise Server Log Information Disclosure Vulnerability [No POC]
  GitHub Enterprise Server is an open-source application from the US company GitHub. It lets you set up your own GitHub instance as a virtual appliance, providing a scalable, easy-to-manage platform. GitHub Enterprise Server versions before 3.17.19, before 3.8.12, before 3.9.7, before 3.10.4, and before 3.11.1 contain a log information disclosure vulnerability. The vulnerability stems from sensitive information being present in the log files of a backend service; when combined with other phishing techniques, it could lead to a man-in-the-middle attack.