PT-2026-1508 · Github · Github Enterprise Server
Johan Carlsson +1
Published 2026-01-06 · Updated 2026-01-30
CVE-2025-13744
CVSS v4.0 8.4 High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.20
GitHub Enterprise Server versions 3.14.20
GitHub Enterprise Server versions 3.15.15
GitHub Enterprise Server versions 3.16.11
GitHub Enterprise Server versions 3.17.8
GitHub Enterprise Server versions 3.18.2
GitHub Enterprise Server versions 3.19.1
Description
An Improper Neutralization of Input During Web Page Generation issue exists in GitHub Enterprise Server. This allows an attacker to render attacker-controlled HTML via the Filter component (search) across GitHub, potentially leading to the exfiltration of sensitive information. An attacker requires permissions to create or modify the names of milestones, issues, pull requests, or similar entities rendered in the vulnerable filter/search components to exploit this issue.
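The weakness class the description names, user-controlled entity names (milestone, issue or pull request titles) reaching a filter/search list without output encoding, as an added JavaScript illustration. This is not GitHub's code and does not reflect how GitHub Enterprise Server renders its filter component; `escapeHtml`, `renderFilterOptionsUnsafe`, `renderFilterOptionsSafe`, `containsRawMarkup` and the sample milestone names are all constructed for this example.

```javascript
// Added example (not GitHub's code): a filter/search dropdown that interpolates
// entity names straight into markup is a stored XSS sink; the fix is output
// encoding at the point where the name is placed into HTML.

// Minimal HTML entity encoder for text placed inside element content or inside
// a double-quoted attribute value. '&' must be encoded first so that the
// entities produced for the other characters are not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Constructed sample input: names a user with rights to create or rename
// milestones could set. The second one carries tag and attribute delimiters.
const milestoneNames = [
  "v1.0 release",
  '<b>Sprint 3</b> "late" & more',
];

// Vulnerable pattern: the name lands in both an attribute and element content
// with its '<', '>' and '"' intact, so the browser parses it as markup.
function renderFilterOptionsUnsafe(names) {
  return names
    .map((n) => `<li class="filter-item" data-value="${n}">${n}</li>`)
    .join("");
}

// Hardened pattern: every interpolation goes through the encoder, so the
// browser shows the name as text and the data-value attribute stays intact.
function renderFilterOptionsSafe(names) {
  return names
    .map((n) => {
      const encoded = escapeHtml(n);
      return `<li class="filter-item" data-value="${encoded}">${encoded}</li>`;
    })
    .join("");
}

// Regression check for a rendering test suite: did any input that contains
// markup delimiters reach the output verbatim?
function containsRawMarkup(html, inputs) {
  return inputs.some((n) => /[<>"]/.test(n) && html.includes(n));
}

// Stand-alone demonstration.
const unsafeHtml = renderFilterOptionsUnsafe(milestoneNames);
const safeHtml = renderFilterOptionsSafe(milestoneNames);
console.log("unsafe output leaks raw markup:", containsRawMarkup(unsafeHtml, milestoneNames));
console.log("safe output leaks raw markup:  ", containsRawMarkup(safeHtml, milestoneNames));
```

In a browser build the same effect is better obtained with DOM APIs (`textContent`, `setAttribute`) or an auto-escaping template engine than with hand-rolled string concatenation; `containsRawMarkup` is the kind of check that belongs in the test suite for any component that renders names supplied by other users.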
Recommendations
Update GitHub Enterprise Server to version 3.20 or later.
Update GitHub Enterprise Server to version 3.19.1.
Update GitHub Enterprise Server to version 3.18.2.
Update GitHub Enterprise Server to version 3.17.8.
Update GitHub Enterprise Server to version 3.16.11.
Update GitHub Enterprise Server to version 3.15.15.
Update GitHub Enterprise Server to version 3.14.20.
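A branch-aware check of whether a GitHub Enterprise Server version string falls inside the affected range for CVE-2025-13744, as an added example that is not from the advisory publisher or GitHub. It assumes, from the Recommendations above, that on each maintenance branch every patch release below the listed fixed one is affected, that branches older than 3.14 have no listed fix and are therefore affected until upgraded, and that 3.20 and later are fixed; `FIXED_PATCH_BY_BRANCH`, `parseVersion`, `isAffected` and `recommendedUpgrade` are names chosen for this example.

```javascript
// Added example (not GitHub's or the advisory publisher's code): is a given
// GitHub Enterprise Server version affected by CVE-2025-13744, and which
// release on its own branch closes it?

// Fixed patch level per maintenance branch, taken from the Recommendations.
const FIXED_PATCH_BY_BRANCH = {
  "3.14": 20,
  "3.15": 15,
  "3.16": 11,
  "3.17": 8,
  "3.18": 2,
  "3.19": 1,
};

// First minor release that ships fixed from the start ("3.20 or later").
const FIRST_FIXED = { major: 3, minor: 20 };

// Accepts "3.17.8" or "3.20" (a missing patch component is treated as 0).
function parseVersion(s) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?$/.exec(String(s).trim());
  if (!m) throw new Error(`unrecognised version string: ${s}`);
  return { major: +m[1], minor: +m[2], patch: m[3] === undefined ? 0 : +m[3] };
}

function isAffected(versionString) {
  const v = parseVersion(versionString);
  // 3.20 and later, and any later major line, are fixed.
  if (
    v.major > FIRST_FIXED.major ||
    (v.major === FIRST_FIXED.major && v.minor >= FIRST_FIXED.minor)
  ) {
    return false;
  }
  const fixedPatch = FIXED_PATCH_BY_BRANCH[`${v.major}.${v.minor}`];
  // Assumption: a branch below 3.20 with no listed fix is still affected.
  if (fixedPatch === undefined) return true;
  return v.patch < fixedPatch;
}

// Smallest upgrade that closes the issue, or null when already fixed.
function recommendedUpgrade(versionString) {
  if (!isAffected(versionString)) return null;
  const v = parseVersion(versionString);
  const fixedPatch = FIXED_PATCH_BY_BRANCH[`${v.major}.${v.minor}`];
  return fixedPatch === undefined ? "3.20" : `${v.major}.${v.minor}.${fixedPatch}`;
}

// Stand-alone demonstration over a few constructed inventory entries.
for (const ver of ["3.17.7", "3.17.8", "3.13.9", "3.20", "3.21.1"]) {
  console.log(ver, isAffected(ver) ? `affected -> upgrade to ${recommendedUpgrade(ver)}` : "fixed");
}
```

Feed it the versions reported by your appliance inventory; an unrecognised string throws rather than silently reporting "fixed", which is the safer failure mode for a check like this.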
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Github Enterprise Server