2 matches found
CVE-2017-18365
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...
CVE-2017-18365
The CVE-2017-18365 issue affects GitHub Enterprise 2.8.x prior to 2.8.7. A deserialization flaw in the Management Console allows unauthenticated remote attackers to execute arbitrary code by crafting a cookie signed with the (identical) enterprise session secret, triggering Marshal.load on untrus...