Lucene search
GitHub_PCVELIST:CVE-2023-22380HistoryFeb 16, 2023 - 12:00 a.m.
CVE-2023-22380 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
2023-02-1600:00:00
CWE-22
GitHub_P
www.cve.org
github enterprise server
path traversal
arbitrary file reading
github pages
vulnerability
github bug bounty
3.7.6
0.001 Low
EPSS
Percentile
29.6%
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"vendor": "GitHub",
"product": "GitHub Enterprise Server",
"versions": [
{
"version": "3.7",
"status": "affected",
"lessThan": "3.7.6",
"versionType": "custom"
}
]
}
]Related
prion
prion
Path traversal
2023-02-16 21:15:00
cve
cve
CVE-2023-22380
2023-02-16 21:15:14
nvd
nvd
CVE-2023-22380
2023-02-16 21:15:14