{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T21:11:56.078","vulnerabilities":[{"cve":{"id":"CVE-2025-6981","sourceIdentifier":"product-cna@github.com","published":"2025-07-15T21:15:34.630","lastModified":"2025-08-27T14:41:04.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18 and was fixed in versions 3.14.15, 3.15.10, 3.16.6 and 3.17.3"},{"lang":"es","value":"Una vulnerabilidad de autorización incorrecta permitía el acceso de lectura no autorizado al contenido de los repositorios internos de las cuentas de contratistas cuando la API de Contratistas estaba habilitada. Esta API es una función que rara vez se habilita en la vista previa privada. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server anteriores a la 3.18 y se corrigió en las versiones 3.14.15, 3.15.10, 3.16.6 y 3.17.3."}],"metrics":{"cvssMetricV40":[{"source":"product-cna@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"product-cna@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.5","matchCriteriaId":"2DB5F812-AC13-42A9-A069-91F1B79C5DF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15.0","versionEndExcluding":"3.15.10","matchCriteriaId":"1BCFE1AA-2E9A-441B-AF29-09CCC145C35E"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.0","versionEndExcluding":"3.16.6","matchCriteriaId":"ABD1C16F-FEA8-4F55-8568-B6B5358E25D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17.0","versionEndExcluding":"3.17.3","matchCriteriaId":"8C1A2E92-5EBA-44C7-B250-EEBBE0BFC1F2"}]}]}],"references":[{"url":"https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.15","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.10","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.6","source":"product-cna@github.com","tags":["Release Notes"]},{"url":"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.3","source":"product-cna@github.com","tags":["Release Notes"]}]}}]}