CVE-2021-22869

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A path traversal vulnerability exists in GitHub Enterprise Server, which stems from a path travers...

PT-2021-15242 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.0.0 through 3.0.15 GitHub Enterprise Server versions 3.1.0 through 3.1.7 Description: An improper access control issue in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner...

CVE-2021-22867

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server suffers from a path traversal vulnerability that stems from a failure of ...

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

CVE-2021-22866 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

New Relic: GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled

New Relic's integration of Github repos had an implicit assumption that URL's for repos would not need to be sanitized. The researcher demonstrated that an attacker can return a manually configure the htmlurl value on an attacker controlled server emulating the Github API. A victim would need to...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server has a security vulnerability that can be exploited by an attacker...

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4 GitHub Enterprise Server versions prior to 2.22.10 GitHub Enterprise Server versions prior to 2.21.18 Description: An improper access control issue was identified that allowed access tokens...

CVE-2021-22864

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to...

CVE-2021-22864

GitHub Enterprise Server CVE-2021-22864 is a remote code execution flaw caused by insecure, user-controlled configuration options for GitHub Pages that could override environment variables. Affected: all GitHub Enterprise Server versions prior to 3.0.3. Impact: attacker with permission to create/...

CVE-2021-22864 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to...

GitHub Enterprise Server 命令注入漏洞

GitHub Enterprise Server is Github an open source application. GitHub Enterprise Server is an open source application that provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server prior to 3.0....

PT-2021-15237 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.3 GitHub Enterprise Server version 2.22.9 GitHub Enterprise Server version 2.21.17 Description: A remote code execution issue was identified in GitHub Enterprise Server that could be exploited wh...

CVE-2021-22862

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...