CNNVD-202511-883 Information

CNNVD ID

CNNVD-202511-883

CVE-2025-11892

  • CNNVD Published: 2025-11-10

Description (translated from Chinese)

GitHub Enterprise Server is an application from GitHub (United States). It lets an organization set up its own GitHub instance as a virtual appliance, providing a scalable, easy-to-manage platform. GitHub Enterprise Server versions before 3.18.1, before 3.17.7, before 3.16.10, before 3.15.14 and before 3.14.19 contain a security vulnerability caused by improper neutralization of input in the Issues search label filter, which can lead to DOM-based cross-site scripting (XSS) and, in turn, privilege escalation and unauthorized workflow triggering.

Description (English)

GitHub Enterprise Server is an application from GitHub, United States. It lets an organization set up its own GitHub instance as a virtual appliance, providing a scalable, easy-to-manage platform. GitHub Enterprise Server versions before 3.18.1, before 3.17.7, before 3.16.10, before 3.15.14 and before 3.14.19 contain a security vulnerability caused by improper neutralization of input in the Issues search label filter. It can lead to DOM-based cross-site scripting (XSS), which in turn can result in privilege escalation and unauthorized workflow triggering.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

GitHub

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.7
  • https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.19
  • https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.14
  • https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.1
  • https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.10
  • https://access.redhat.com/security/cve/cve-2025-11892

Patch

https://docs.github.com/en/enterprise-server@3.18/admin/all-releases