Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS 1 Total

Learn more
ScoreSeverityVersionVector String
5.8MEDIUM4.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Product Status

Learn more

Versions 5 Total

Default Status: affected

affected

  • affected from 3.14 through 3.14.0 

    • unaffected from 3.14.1 

  • affected from 3.13.0 through 3.13.3 

    • unaffected from 3.13.4 

  • affected from 3.12.0 through 3.12.8 

    • unaffected from 3.12.9 

  • affected from 3.11.0 through 3.11.14 

    • unaffected from 3.11.15 

  • affected from 3.10.0 through 3.10.16 

    • unaffected from 3.10.17 

Credits

  • R31n finder

Authorized Data Publishers

Learn more