CVE-2025-23369

High CVSS: 7.6

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0. This vulnerability was reported via the GitHub Bug Bounty program.

Vendor

Github

Product

Enterprise Server

CWE

CWE-347

Yayın Tarihi

2025-01-21 19:15:12

Güncelleme

2025-09-05 15:00:09

Source Identifier

product-cna@github.com

KEV Date Added

Kategoriler

CWE-347 Enterprise Server HIGH Github 2025

Referanslar

https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.14 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.10 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.7 https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.2

Benzer Kayıtlar

Medium

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user w…

High

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cros…

High

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an…

Medium

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access…

High

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authentica…

Medium

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unau…