CVE-2025-3124

Medium CVSS: 5.3

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.

Vendor

Github

Product

Enterprise Server

CWE

CWE-862

Yayın Tarihi

2025-04-17 23:15:41

Güncelleme

2025-09-05 15:00:04

Source Identifier

product-cna@github.com

KEV Date Added

Kategoriler

CWE-862 Enterprise Server MEDIUM Github 2025

Referanslar

https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.14 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.11 https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.6 https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.2

Benzer Kayıtlar

Medium

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user w…

High

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cros…

High

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an…

Medium

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access…

High

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authentica…

Medium

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unau…