[CIVN-2025-0304] Multiple Vulnerabilities in GitHub Enterprise Server (GHES)

Published On: November 13, 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in GitHub Enterprise Server (GHES) 
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
GitHub Enterprise Server (GHES) versions:
Versions prior to v3.18.1
v3.17.0 through 3.17.6
v3.16.0 through 3.16.9
v3.15.0 through 3.15.13
v3.14.0 through 3.14.18
Overview
Multiple vulnerabilities have been identified in GitHub Enterprise Server (GHES) that may allow an attacker to execute arbitrary code and perform DOM-based cross-site scripting (XSS) attacks on the targeted system.
Target Audience:
Users of affected GitHub Enterprise Server (GHES).
Risk Assessment:
High risk of remote code execution and session hijacking.
Impact Assessment:
Potential for privilege escalation, account takeover and system compromise.
Description
GitHub Enterprise Server (GHES) is a self-hosted version of GitHub designed for enterprises to securely manage, develop, and collaborate on code within their own infrastructure. Redis is an open source, in-memory database that persists on disk.
These vulnerabilities exist due to improper input validation and insufficient sanitization within users' browsers. An attacker could exploit the vulnerability by crafting a malicious value for the label: search qualifier that is injected into the Document Object Model (DOM). This could be triggered when a victim visits a specially crafted Issues search URL. Additionally, a vulnerability in Redis allowed an authenticated user to execute a specially crafted Lua script to manipulate the Redis garbage collector.
Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code and perform DOM-based cross-site scripting (XSS) attacks on the targeted system.
Solution
Users are advised to upgrade to the fixed versions listed in the GitHub advisory:
GHES 3.18.1
GHES 3.17.7
GHES 3.16.10
GHES 3.15.14
GHES 3.14.19
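As an added example (not part of this CERT-In advisory and not GitHub's own tooling), the following Python script encodes the affected ranges and fixed releases listed above and reports, for each GHES version string, whether it falls inside an affected range and which release resolves it. The host inventory it runs over is constructed sample data; versions on release lines older than 3.14 are reported as affected with no fixed release, since the advisory lists none for them.

```python
"""Assess GitHub Enterprise Server versions against the ranges in this advisory."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per affected line, as listed in the advisory.
# Every release on each line from .0 up to (but excluding) the fixed
# release is inside the affected range stated above.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (3, 18): (3, 18, 1),
    (3, 17): (3, 17, 7),
    (3, 16): (3, 16, 10),
    (3, 15): (3, 15, 14),
    (3, 14): (3, 14, 19),
}

# The advisory's broadest statement: anything prior to v3.18.1 is affected.
UPPER_BOUND: Version = (3, 18, 1)


def parse_version(text: str) -> Version:
    """Extract a major.minor.patch triple from strings like 'v3.17.6' or 'GHES 3.17.6'."""
    match = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def format_version(version: Version) -> str:
    return ".".join(str(part) for part in version)


def assess(text: str) -> Dict[str, Optional[object]]:
    """Return whether a version is affected and the fixed release to upgrade to."""
    version = parse_version(text)
    line = (version[0], version[1])
    result: Dict[str, Optional[object]] = {
        "version": format_version(version),
        "affected": False,
        "fixed_version": None,
        "reason": "not within any affected range listed in the advisory",
    }

    if line in FIXED_RELEASES:
        fixed = FIXED_RELEASES[line]
        if version < fixed:
            result["affected"] = True
            result["fixed_version"] = format_version(fixed)
            result["reason"] = f"{line[0]}.{line[1]} line affected below {format_version(fixed)}"
        return result

    if version < UPPER_BOUND:
        # An unlisted, older release line: still "prior to v3.18.1", but the
        # advisory gives no fixed release for it, so the target is a fixed line.
        result["affected"] = True
        result["reason"] = "release line not listed in the advisory; upgrade to a fixed line"
    return result


def triage(inventory: Dict[str, str]) -> List[Dict[str, Optional[object]]]:
    """Assess every host in a {hostname: version} map; return only affected hosts."""
    findings = []
    for host, version_text in inventory.items():
        finding = assess(version_text)
        if finding["affected"]:
            finding["host"] = host
            findings.append(finding)
    return findings


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "ghes-prod-01.example.internal": "v3.17.6",
    "ghes-prod-02.example.internal": "v3.17.7",
    "ghes-dr.example.internal": "3.14.18",
    "ghes-lab.example.internal": "3.13.5",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        target = finding["fixed_version"] or "a fixed release line"
        print(f"{finding['host']}: {finding['version']} affected, upgrade to {target} ({finding['reason']})")
```

The comparison is on integer tuples, so pre-release suffixes or build metadata in a version string are ignored; if your inventory carries such strings, normalize them before calling assess().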
Vendor Information
https://docs.github.com/en/enterprise-server@3.18/admin/release-notes
CVE Name
CVE-2025-49844
CVE-2025-11892
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----