CVE-2020-10519

Summary: CVE-2020-10519 is a remote code execution risk in GitHub Enterprise Server when building GitHub Pages, caused by overly permissive, user-controlled configuration of parsers used by Pages. The issue affects all versions prior to 2.22.7 and is fixed in 2.22.7, 2.21.15, and 2.20.24. Exploit...

CVE-2020-10519 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...

PT-2021-15234 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 2.4.21 through 2.20.23 GitHub Enterprise Server versions 2.21.0 through 2.21.14 GitHub Enterprise Server versions 2.22.0 through 2.22.6 GitHub Enterprise Server versions 3.0.0 Description: An improper access...

GitHub 命令注入漏洞

GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server prior to 2.22.7, which can be exploited by attackers to remotely execute code...

PT-2021-15236 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 2.12.22 through 2.20.23 GitHub Enterprise Server versions 2.21.0 through 2.21.14 GitHub Enterprise Server versions 2.22.0 through 2.22.6 GitHub Enterprise Server versions 3.0.0 Description: An improper access...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in the GitHub Enterprise Server GraphQL API that allows an...

CVE-2020-10518

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...

CVE-2020-10518

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...

CVE-2020-10517 Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository conten...

CVE-2020-10518 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...

CVE-2020-10516

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...