CVE-2025-8447 in GitHubinformazioni

Riassunto

di MITRE • 26/08/2025

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the name of a private repository along with its branches, tags, or commit SHAs that they could use to trigger compare/diff functionality and retrieve limited code without proper authorization. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5. This vulnerability was reported via the GitHub Bug Bounty program.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsabile

GitHub P

Prenotare

31/07/2025

Divulgazione

26/08/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00283

KEV

no

Attività

molto basso

Fonti

Do you need the next level of professionalism?

Upgrade your account now!