Lucene search
GitHub_PCVELIST:CVE-2021-22870HistoryNov 10, 2021 - 1:55 a.m.
CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access
2021-11-1001:55:11
CWE-23
GitHub_P
www.cve.org
3
cve-2021-22870; github enterprise server; path traversal; unauthorized file read access; vulnerability; github pages; system files; attack; permission; github bug bounty
EPSS
0.001
Percentile
51.1%
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0",
"versionType": "custom"
},
{
"lessThan": "3.1.11",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.2",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-22870
2021-11-10 02:15:06
prion
prion
Path traversal
2021-11-10 02:15:00
cve
cve
CVE-2021-22870
2021-11-10 02:15:06