PT-2025-34727 · Github · Github Enterprise Server
Furbreeze · Published 2025-08-26 · Updated 2026-01-11
CVE-2025-8447
CVSS v4.0: 7.0 (High)
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
GitHub Enterprise Server versions prior to 3.18
GitHub Enterprise Server versions 3.14.17
GitHub Enterprise Server versions 3.15.12
GitHub Enterprise Server versions 3.16.8
GitHub Enterprise Server versions 3.17.5
Description:
An improper access control issue was identified in GitHub Enterprise Server that allowed users with repository access to retrieve limited code content from other repositories. An attacker needed to know the name of a private repository, along with its branches, tags, or commit SHAs, to trigger compare/diff functionality and retrieve code without authorization.
Recommendations:
Update to GitHub Enterprise Server version 3.14.17.
Update to GitHub Enterprise Server version 3.15.12.
Update to GitHub Enterprise Server version 3.16.8.
Update to GitHub Enterprise Server version 3.17.5.
Update to GitHub Enterprise Server version 3.18.
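An added example, not part of the advisory, that turns the version information above into a check a defender can run over an inventory of GHES instances: it uses the fixed releases from the Recommendations as the first patched build on each 3.14 to 3.17 branch and treats 3.18 and later as fixed. The accepted version-string formats and the sample inputs are assumptions.

```python
# Added example (not from the advisory): decide whether a GitHub Enterprise
# Server version already carries the fix for CVE-2025-8447.
import re
from typing import Optional

# First patched release on each maintained 3.x branch (from the Recommendations).
FIXED_BY_BRANCH = {
    (3, 14): 17,
    (3, 15): 12,
    (3, 16): 8,
    (3, 17): 5,
}
# Every release line from 3.18 onward shipped with the fix.
FIRST_FIXED_LINE = (3, 18)


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract 'major.minor[.patch]' from strings such as '3.17.4',
    'v3.18' or 'GitHub Enterprise Server 3.15.11' (format is an assumption)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_patched(version: str) -> bool:
    """True if this GHES version contains the fix for CVE-2025-8447."""
    major, minor, patch = parse_version(version)
    if (major, minor) >= FIRST_FIXED_LINE:
        return True
    fixed_patch = FIXED_BY_BRANCH.get((major, minor))
    if fixed_patch is None:
        # Branch older than 3.14: "prior to 3.18" and no backported fix listed.
        return False
    return patch >= fixed_patch


def remediation_target(version: str) -> Optional[str]:
    """Release to upgrade to per the Recommendations, or None if not needed."""
    if is_patched(version):
        return None
    major, minor, _ = parse_version(version)
    fixed_patch = FIXED_BY_BRANCH.get((major, minor))
    if fixed_patch is None:
        return "3.18"  # no patched release on this branch; move to 3.18
    return f"{major}.{minor}.{fixed_patch}"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("ghes-a", "3.17.4"), ("ghes-b", "3.16.8"), ("ghes-c", "3.13.20")]:
        print(host, ver, "OK" if is_patched(ver) else f"upgrade to {remediation_target(ver)}")
```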
Fix
IDOR
Affected Products: Github Enterprise Server