CVE-2025-6981

Medium CVSS: 5.3

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3

Vendor

Github

Product

Enterprise Server

CWE

CWE-863

Yayın Tarihi

2025-07-15 21:15:34

Güncelleme

2025-08-27 14:41:04

Source Identifier

product-cna@github.com

KEV Date Added

Kategoriler

CWE-863 Enterprise Server MEDIUM Github 2025

Referanslar

https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.15 https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.10 https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.6 https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.3

Benzer Kayıtlar

Medium

CVE-2026-3582

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user w…

High

CVE-2026-2266

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed DOM-based cros…

High

CVE-2026-3854

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an…

Medium

CVE-2026-3306

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access…

High

CVE-2026-1999

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an authentica…

Medium

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unau…