Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the...

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A path traversal vulnerability exists in GitHub Enterprise Server versions prior to 3.5, which...

GitHub: CSRF protection bypass in GitHub Enterprise management console

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the...

Review your security vulnerabilities in GitHub with code scanning alerts

Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...

CVE-2021-41599

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

Remote code execution

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from a lack of restricti...

Gh-Dork - Github Dorking Tool

Supply a list of dorks and, optionally, one of the following: a user -u a file with a list of users -uf an organization -org a file with a list of organizations -of a repo -r You can also pass: an output directory to store results -o a filename to store valid items, if your users or org file may...

CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

CVE-2021-41598 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from a UI...

CVE-2021-37940

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly...

CVE-2021-37940

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly...

Enterprise Search 7.16.0 Security Update

Enterprise Search Information Disclosure issue ESA-2021-28 An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the...

GitHub Enterprise Server 代码问题漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in Workplace Search Github Enterprise Server. An attacker can...

Path traversal

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

CVE-2021-22870

The CVE-2021-22870 issue affects GitHub Enterprise Server pages builds and is a path-traversal vulnerability that could allow an attacker with permission to create and build a GitHub Pages site to read system files. The vulnerability exists in all versions prior to 3.3 and was fixed in 3.0.19, 3....

CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

GitHub Enterprise Server 路径遍历漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in the GitHub page builds on GitHub Enterprise Server, which can b...

VulnCheck KEV: CVE-2021-22205

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...