Vulnerability Change Records for CVE-2023-51381
Change History
CVE Translated by GitHub, Inc. (Products Only) 1/17/2024 4:15:11 PM
Action | Type | Old Value | New Value |
Removed | Translation | Title: GitHub Enterprise Server; Description: Cross-site scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server 3.8.12, 3.9.7, 3.10.4, 3.11.2 allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in all versions 3.11.3, 3.10.5, 3.9.8 and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program. | |
CVE Modified by GitHub, Inc. (Products Only) 1/17/2024 4:15:11 PM
Action | Type | Old Value | New Value |
Changed | Description | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server 3.8.12, 3.9.7, 3.10.4, 3.11.2 allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in all versions of 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program. | Rejected reason: This CVE ID has been rejected or withdrawn by GitHub. |
Removed | CVSS V3.1 | GitHub, Inc. (Products Only) AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N | |
Removed | CWE | GitHub, Inc. (Products Only) CWE-79 | |
Removed | Reference | GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5 | |
Removed | Reference | GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3 | |
Removed | Reference | GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13 | |
Removed | Reference | GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8 | |
CVE Rejected by GitHub, Inc. (Products Only) 1/17/2024 4:15:11 PM
Action | Type | Old Value | New Value |