HackerOne Disclosed Reports - 2025-09-23


High
resolved

Arbitrary Read of Another User's Private Repository without Authorization


Bug reported by Dave, disclosed on September 23, 2025, 10:18 pm   |   Insecure Direct Object Reference (IDOR)

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5.


High
resolved

Stored XSS via LINK Name.


Bug reported by was disclosed on September 23, 2025, 12:17 pm   |   Cross-site Scripting (XSS) - Stored

The LINK NAME was not properly escaped on the Templates page, leading to stored XSS. The name was reflected inside a <script> tag, and due to the lack of sanitization, the user could break out of the tag and execute the XSS.


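The first report above describes a cross-repository compare that authorized the caller against one repository and then emitted diff content from another. The following is an added example, not GitHub's code and not taken from the report: it models that class of flaw with an in-memory repository store, a request handler that checks only the base repository, and the corrected handler that authorizes every repository the request names. The repository names, file contents, handler names and the one-file line diff are all constructed for illustration.

```javascript
// Constructed sample data: one public repository and one private repository.
const repos = {
  'alice/public-tool': {
    private: false,
    collaborators: ['alice'],
    files: { 'README.md': 'public readme\n' },
  },
  'bob/secret-app': {
    private: true,
    collaborators: ['bob'],
    files: { 'README.md': 'internal only\nDB_PASSWORD=hunter2\n' },
  },
};

// Read access: public repos are readable by anyone, private repos only by
// their collaborators. Unknown repos are treated as unreadable.
function canRead(user, repoName) {
  const repo = repos[repoName];
  if (!repo) return false;
  return !repo.private || repo.collaborators.includes(user);
}

// Toy line diff of one file between two repos (set difference, no ordering).
// The point of the example is the authorization, not the diff algorithm.
function diffFile(baseRepo, headRepo, path) {
  const base = (repos[baseRepo].files[path] || '').split('\n');
  const head = (repos[headRepo].files[path] || '').split('\n');
  const out = [];
  for (const line of base) if (!head.includes(line)) out.push('-' + line);
  for (const line of head) if (!base.includes(line)) out.push('+' + line);
  return out;
}

// Vulnerable handler: the caller is authorized against the base repository
// only. The head repository named in the request is never checked, so a user
// who can read any repo obtains lines from a private repo through the diff.
function compareVulnerable(user, baseRepo, headRepo, path) {
  if (!canRead(user, baseRepo)) return { status: 403 };
  if (!repos[headRepo]) return { status: 404 };
  return { status: 200, diff: diffFile(baseRepo, headRepo, path) };
}

// Fixed handler: every repository the request references must be readable by
// the caller. An unreadable head repo gets the same 404 as a nonexistent one,
// so the response does not reveal that a private repo exists.
function compareFixed(user, baseRepo, headRepo, path) {
  if (!canRead(user, baseRepo)) return { status: 403 };
  if (!canRead(user, headRepo)) return { status: 404 };
  return { status: 200, diff: diffFile(baseRepo, headRepo, path) };
}

// Demonstration: "mallory" has no access to bob/secret-app.
console.log(compareVulnerable('mallory', 'alice/public-tool', 'bob/secret-app', 'README.md'));
console.log(compareFixed('mallory', 'alice/public-tool', 'bob/secret-app', 'README.md'));
console.log(compareFixed('bob', 'alice/public-tool', 'bob/secret-app', 'README.md'));
```

The general rule this illustrates: when a request names several objects (base and head, source and target, parent and child), each one is a separate authorization decision, and a check on only the "primary" object is an IDOR on the rest.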



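The second report above is the "value inside a script block" variant of stored XSS: the HTML tokenizer ends a script element at the first `</script` it sees, whatever the JavaScript string state, so HTML-entity escaping alone does not help. The following is an added example, not the affected project's code and not taken from the report: a page renderer that interpolates the link name raw, the corrected renderer that emits the value as a JSON literal with `<`, `>`, `&` and the line separators escaped as `\uXXXX`, and a small checker that applies the tokenizer's rule to the rendered output. The function names, the page markup and the payload are constructed for illustration.

```javascript
// Vulnerable renderer: the link name is dropped into a <script> block as a
// raw string. A name containing "</script>" closes the element early and the
// remainder of the name is parsed as HTML, so a script tag inside it runs.
function renderTemplatesPageVulnerable(linkName) {
  return `<script>var linkName = "${linkName}";</script>`;
}

// Encode a value as a JavaScript string literal that is safe inside <script>.
// JSON.stringify handles quotes and backslashes; the extra replacements make
// sure the serialized text can never contain "</script", "<!--" or the two
// Unicode line separators that are legal in JSON but not in older JS strings.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Fixed renderer: the value is emitted as a JS literal, not as raw text.
function renderTemplatesPageFixed(linkName) {
  return `<script>var linkName = ${jsStringLiteral(linkName)};</script>`;
}

// Checker mimicking the HTML tokenizer: the script element ends at the first
// "</script" (case-insensitive) after its start tag. If any HTML tag follows
// that closer, the injected value has broken out of the script block.
function scriptBlockBreaksOut(html) {
  const lower = html.toLowerCase();
  const open = lower.indexOf('<script>') + '<script>'.length;
  const body = html.slice(open);
  const firstClose = body.toLowerCase().indexOf('</script');
  if (firstClose === -1) return false;
  const rest = body.slice(firstClose + '</script>'.length);
  return /<[a-z]/i.test(rest);
}

// Constructed payload of the kind a stored link name could carry.
const payload = '</script><script>alert(document.domain)</script>';

console.log(renderTemplatesPageVulnerable(payload));
console.log(scriptBlockBreaksOut(renderTemplatesPageVulnerable(payload))); // breaks out
console.log(renderTemplatesPageFixed(payload));
console.log(scriptBlockBreaksOut(renderTemplatesPageFixed(payload)));      // contained
```

The fixed output still decodes to the original link name on the client, because `\u003c` is an ordinary escape in a JavaScript (and JSON) string; only the bytes that the HTML parser would act on are gone. A templating engine's default HTML escaping is the wrong tool in this context: it would turn `"` into `&quot;` and corrupt the JavaScript value while leaving the `</script>` problem unsolved.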