930 matches found

OSV
added 2021/09/24 6:15 p.m. · 3 views

CVE-2021-22868

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

CVSS 4.3 · AI score 5.9 · EPSS 0.00284
Exploits: 0 · References: 3

OSV
added 2021/09/24 6:15 p.m. · 2 views

CVE-2021-22869

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

CVSS 9.8 · AI score 5.9
Exploits: 0 · References: 2

Prion
added 2021/09/24 6:15 p.m. · 24 views

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

CVSS 4 · AI score 5.3 · EPSS 0.00457
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2021/09/24 12:0 a.m. · 3 views

PT-2021-15242 · GitHub · GitHub Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.0.0 through 3.0.15; GitHub Enterprise Server versions 3.1.0 through 3.1.7. Description: An improper access control issue in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner...

CVSS 9.8 · AI score 9.7 · EPSS 0.00404
Exploits: 0 · References: 5

CNNVD
added 2021/09/24 12:0 a.m. · 2 views

GitHub Enterprise Server path traversal vulnerability

GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A path traversal vulnerability exists in GitHub Enterprise Server, which stems from a path travers...

CVSS 4.3 · AI score 5.1 · EPSS 0.00284
Exploits: 0 · References: 4

OSV
added 2021/07/14 9:15 p.m. · 1 view

CVE-2021-22867

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server...

CVSS 6.5 · AI score 6
Exploits: 0 · References: 3

CNNVD
added 2021/07/14 12:0 a.m. · 2 views

GitHub Enterprise Server path traversal vulnerability

GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server suffers from a path traversal vulnerability that stems from a failure of ...

CVSS 6.5 · AI score 5.7 · EPSS 0.00457
Exploits: 0 · References: 4

OSV
added 2021/05/14 9:15 p.m. · 2 views

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

CVSS 8.8 · AI score 5.8 · EPSS 0.00203
Exploits: 0 · References: 2

Cvelist
added 2021/05/14 9:10 p.m. · 16 views

CVE-2021-22866 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

AI score 8.9 · EPSS 0.00203
Exploits: 0 · References: 2

HackerOne
added 2021/05/14 1:23 p.m. · 21 views

New Relic: GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled

New Relic's integration of GitHub repos had an implicit assumption that URLs for repos would not need to be sanitized. The researcher demonstrated that an attacker can return a manually configured htmlurl value on an attacker-controlled server emulating the GitHub API. A victim would need to...

AI score 6
Exploits: 0

CNNVD
added 2021/05/14 12:0 a.m. · 3 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from a UI misdescription...

CVSS 8.8 · AI score 7.9 · EPSS 0.00203
Exploits: 0 · References: 3

OSV
added 2021/04/02 6:15 p.m. · 1 view

CVE-2021-22865

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...

CVSS 6.5 · AI score 6.6 · EPSS 0.00226
Exploits: 0 · References: 3

Positive Technologies
added 2021/04/02 12:0 a.m. · 2 views

PT-2021-15238 · GitHub · GitHub Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4; GitHub Enterprise Server versions prior to 2.22.10; GitHub Enterprise Server versions prior to 2.21.18. Description: An improper access control issue was identified that allowed access tokens...

CVSS 6.5 · AI score 6.6 · EPSS 0.00226
Exploits: 0 · References: 5

CNNVD
added 2021/04/02 12:0 a.m. · 2 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from U.S. company GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server has a security vulnerability that can be exploited by an attacker...

CVSS 6.5 · AI score 6.5 · EPSS 0.00226
Exploits: 0 · References: 4

OSV
added 2021/03/23 10:15 p.m. · 4 views

CVE-2021-22864

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to...

CVSS 8.8 · AI score 7.8
Exploits: 0 · References: 3

CVE
added 2021/03/23 9:40 p.m. · 71 views

CVE-2021-22864

GitHub Enterprise Server CVE-2021-22864 is a remote code execution flaw caused by insecure, user-controlled configuration options for GitHub Pages that could override environment variables. Affected: all GitHub Enterprise Server versions prior to 3.0.3. Impact: attacker with permission to create/...

CVSS 8.8 · AI score 8.9 · EPSS 0.02434
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2021/03/23 9:40 p.m. · 17 views

CVE-2021-22864 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to...

AI score 9.1 · EPSS 0.02434
Exploits: 0 · References: 3

Positive Technologies
added 2021/03/23 12:0 a.m. · 2 views

PT-2021-15237 · GitHub · GitHub Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.3; GitHub Enterprise Server version 2.22.9; GitHub Enterprise Server version 2.21.17. Description: A remote code execution issue was identified in GitHub Enterprise Server that could be exploited wh...

CVSS 8.8 · AI score 9 · EPSS 0.02434
Exploits: 0 · References: 8

CNNVD
added 2021/03/23 12:0 a.m. · 3 views

GitHub Enterprise Server command injection vulnerability

GitHub Enterprise Server is an open source application from GitHub that provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server prior to 3.0....

CVSS 8.8 · AI score 7.8 · EPSS 0.02434
Exploits: 0 · References: 4

OSV
added 2021/03/03 4:15 a.m. · 2 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

CVSS 6.5 · AI score 6.6
Exploits: 0 · References: 4