791 matches found

OSV
added 2021/05/14 9:15 p.m. · 0 views

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Cvelist
added 2021/05/14 9:10 p.m. · 14 views

CVE-2021-22866 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.9 AI score · 0.00203 EPSS
Exploits: 0 · References: 2
Hacker One
added 2021/05/14 1:23 p.m. · 21 views

New Relic: GitHub Integration doesn't sanitize repository URLs which might be attacker-controlled

New Relic's integration of GitHub repos had an implicit assumption that URLs for repos would not need to be sanitized. The researcher demonstrated that an attacker can manually configure the htmlurl value on an attacker-controlled server emulating the GitHub API. A victim would need to...

6 AI score
Exploits: 0
Positive Technologies
added 2021/04/02 12:0 a.m. · 2 views

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4 GitHub Enterprise Server versions prior to 2.22.10 GitHub Enterprise Server versions prior to 2.21.18 Description: An improper access control issue was identified that allowed access tokens...

6.5 CVSS · 6.6 AI score · 0.00226 EPSS
Exploits: 0 · References: 5
CNNVD
added 2021/04/02 12:0 a.m. · 1 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub, a U.S. company. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server has a security vulnerability that can be exploited by an attacker...

6.5 CVSS · 6.5 AI score · 0.00226 EPSS
Exploits: 0 · References: 4
OSV
added 2021/03/23 10:15 p.m. · 3 views

CVE-2021-22864

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to...

8.8 CVSS · 7.8 AI score
Exploits: 0 · References: 3
CVE
added 2021/03/23 9:40 p.m. · 63 views

CVE-2021-22864

GitHub Enterprise Server CVE-2021-22864 is a remote code execution flaw caused by insecure, user-controlled configuration options for GitHub Pages that could override environment variables. Affected: all GitHub Enterprise Server versions prior to 3.0.3. Impact: attacker with permission to create/...

8.8 CVSS · 8.9 AI score · 0.02434 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2021/03/23 9:40 p.m. · 16 views

CVE-2021-22864 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to...

9.1 AI score · 0.02434 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2021/03/23 12:0 a.m. · 2 views

PT-2021-15237 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.3 GitHub Enterprise Server version 2.22.9 GitHub Enterprise Server version 2.21.17 Description: A remote code execution issue was identified in GitHub Enterprise Server that could be exploited wh...

8.8 CVSS · 9 AI score · 0.02434 EPSS
Exploits: 0 · References: 8
CNNVD
added 2021/03/23 12:0 a.m. · 1 views

GitHub Enterprise Server command injection vulnerability

GitHub Enterprise Server is an open source application from GitHub that provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. GitHub Enterprise Server prior to 3.0....

8.8 CVSS · 7.8 AI score · 0.02434 EPSS
Exploits: 0 · References: 4
OSV
added 2021/03/03 4:15 a.m. · 1 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.1 CVSS · 5.8 AI score
Exploits: 0 · References: 4
OSV
added 2021/03/03 4:15 a.m. · 1 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

6.5 CVSS · 6.6 AI score
Exploits: 0 · References: 4
OSV
added 2021/03/03 4:15 a.m. · 0 views

CVE-2021-22862

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...

6.5 CVSS · 6.6 AI score
Exploits: 0 · References: 1
NVD
added 2021/03/03 4:15 a.m. · 12 views

CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

6.5 CVSS · 0.00324 EPSS
Exploits: 0 · References: 4
NVD
added 2021/03/03 4:15 a.m. · 14 views

CVE-2020-10519

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

8.8 CVSS · 0.01748 EPSS
Exploits: 0 · References: 3
OSV
added 2021/03/03 4:15 a.m. · 0 views

CVE-2020-10519

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the...

8.8 CVSS · 7.8 AI score · 0.01748 EPSS
Exploits: 0 · References: 3
Cvelist
added 2021/03/03 3:25 a.m. · 17 views

CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.2 AI score · 0.00348 EPSS
Exploits: 0 · References: 4
CVE
added 2021/03/03 3:25 a.m. · 70 views

CVE-2021-22863

CVE-2021-22863 is an improper access control vulnerability in GitHub Enterprise Server’s GraphQL API. It allowed authenticated users to modify the maintainer collaboration permission on a pull request, potentially exposing head branches of repos where they are a maintainer. Affected versions span...

8.1 CVSS · 8.1 AI score · 0.00348 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Cvelist
added 2021/03/03 3:25 a.m. · 14 views

CVE-2021-22862 Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...

6.6 AI score · 0.00251 EPSS
Exploits: 0 · References: 1
CVE
added 2021/03/03 3:25 a.m. · 69 views

CVE-2021-22862

GitHub Enterprise Server 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 are affected by an improper access control vulnerability that lets an authenticated user who can fork a repository disclose Actions secrets from the parent repository. The root cause is a flaw that allows the base reference of a PR to be up...

6.5 CVSS · 6.4 AI score · 0.00251 EPSS
Exploits: 0 · References: 1 · Affected Software: 1