CVE-2025-3124

MEDIUM Year: 2025
Weakness Type
CWE-862
View all →

Vulnerability Description

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.

Related Vulnerabilities

CVE-2021-37535

CRITICAL
CVSS:10.0(Critical)

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

CWE-8622021

CVE-2022-0543

CRITICAL
CVSS:10.0(Critical)

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CWE-8622022

CVE-2024-33566

CRITICAL
CVSS:10.0(Critical)

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.

CWE-8622024

CVE-2024-52416

CRITICAL
CVSS:10.0(Critical)

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.

CWE-8622024

CVE-2024-6071

CRITICAL
CVSS:10.0(Critical)

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

CWE-8622024

CVE-2024-6500

CRITICAL
CVSS:10.0(Critical)

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all...

CWE-8622024