CVE-2025-8447 (CNNVD-202508-3144)
中文标题:
GitHub Enterprise Server 安全漏洞
英文标题:
Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access
漏洞描述
中文描述:
GitHub Enterprise Server是美国GitHub开源的一个应用软件。提供一个将自己的GitHub实例设置为虚拟设备,从而提供可扩展,易于管理的平台。 GitHub Enterprise Server 3.18之前版本存在安全漏洞,该漏洞源于访问控制不当,可能导致未经授权检索代码内容。
英文描述:
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the name of a private repository along with its branches, tags, or commit SHAs that they could use to trigger compare/diff functionality and retrieve limited code without proper authorization. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5. This vulnerability was reported via the GitHub Bug Bounty program.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| GitHub | Enterprise Server | - | ≤ 3.14.16 | - |
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
|
| github | enterprise_server | * | - | - |
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-8447 |
2025-11-11 15:23:37 | 2025-11-11 07:40:53 |
| NVD | nvd_CVE-2025-8447 |
2025-11-11 15:01:00 | 2025-11-11 07:48:39 |
| CNNVD | cnnvd_CNNVD-202508-3144 |
2025-11-11 15:12:54 | 2025-11-11 08:00:07 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202508-3144
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 4 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']