All the vulnerabilities related to GitHub - GitHub Enterprise Server
cve-2022-23737
Vulnerability from cvelistv5
Published
2022-12-01 00:00
Modified
2024-08-03 03:51
Summary
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.2 < 3.2.20; 3.3 < 3.3.15; 3.4 < 3.4.10; 3.5 < 3.5.7; 3.6 < 3.6.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.2.20", "status": "affected", "version": "3.2", "versionType": "custom" }, { "lessThan": "3.3.15", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.10", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.7", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.3", "status": "affected", "version": "3.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ali Shehab and Ali Kalout" } ], "descriptions": [ { "lang": "en", "value": "An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization\u0027s repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, and 3.6.3. 
This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-01T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20" }, { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23737", "datePublished": "2022-12-01T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5816
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:25
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ 3.9.16; 3.10.0 ≤ 3.10.13; 3.11.0 ≤ 3.11.11; 3.12.0 ≤ 3.12.5; 3.13 ≤ 3.13.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5816", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T15:13:57.496747Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T15:14:00.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:02.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": "affected", "version": "3.12.0", 
"versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": "affected", "version": "3.13", "versionType": "semver" }, { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003esuspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/p\u003e" } ], "value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.9.17, 3.10.14, 3.11.12, 3.12.6, 3.13.1. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-114", "descriptions": [ { "lang": "en", "value": "CAPEC-114 Authentication Abuse" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:27:00.491Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17" }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "source": { "discovery": "UNKNOWN" }, "title": "Improper authorization allows persistent access in GitHub Enterprise Server", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": 
"82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-5816", "datePublished": "2024-07-16T21:27:00.491Z", "dateReserved": "2024-06-10T20:14:52.022Z", "dateUpdated": "2024-08-01T21:25:02.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5795
Vulnerability from cvelistv5
Published
2024-07-16 21:26
Modified
2024-08-01 21:25
Summary
A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ 3.9.16; 3.10.0 ≤ 3.10.13; 3.11.0 ≤ 3.11.11; 3.12.0 ≤ 3.12.5; 3.13 ≤ 3.13.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5795", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T13:58:44.001087Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T14:40:29.964Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:01.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": 
"affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": "affected", "version": "3.13", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "A Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-469", "descriptions": [ { "lang": "en", "value": "CAPEC-469 HTTP DoS" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:26:54.243Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "Denial of Service vulnerability was identified in GitHub Enterprise Server that allowed resource exhaustion", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-5795", "datePublished": "2024-07-16T21:26:54.243Z", "dateReserved": "2024-06-10T15:12:00.887Z", "dateUpdated": "2024-08-01T21:25:01.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6395
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:41
Summary
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ 3.9.16; 3.10.0 ≤ 3.10.13; 3.11.0 ≤ 3.11.11; 3.12.0 ≤ 3.12.5; 3.13 ≤ 3.13.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6395", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T14:16:45.561581Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T14:16:58.488Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:41:03.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": 
"affected", "version": "3.13", "versionType": "semver" }, { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability did not allow unauthorized access to any repository content besides the name. \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-261", "descriptions": [ { "lang": "en", "value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/V:C/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:27:10.901Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://help.github.com/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "source": { "discovery": "UNKNOWN" }, "title": "GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": 
"82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-6395", "datePublished": "2024-07-16T21:27:10.901Z", "dateReserved": "2024-06-27T17:43:52.407Z", "dateUpdated": "2024-08-01T21:41:03.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22869
Vulnerability from cvelistv5
Published
2021-09-24 17:50
Modified
2024-08-03 18:51
Summary
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.0 < 3.0.16; 3.1 < 3.1.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.16", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "3.1.8", "status": "affected", "version": "3.1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-24T17:50:10", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8" } ], "source": { "discovery": "INTERNAL" }, "title": "Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22869", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.16" }, { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.8" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. 
This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-668" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16" }, { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22869", "datePublished": "2021-09-24T17:50:10", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46255
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Summary
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.7 < 3.7.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:44.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.7.1", "status": "affected", "version": "3.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-14T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-46255", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:31:44.433Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10516
Vulnerability from cvelistv5
Published
2020-06-03 13:31
Modified
2024-08-04 11:06
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://enterprise.github.com/releases/2.20.9/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.19.15/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.18.20/notes | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | Version: 2.20 < 2.20.9; Version: 2.19 < 2.19.15; Version: 2.18 < 2.18.20
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:09.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.20.9/notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.19.15/notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.18.20/notes" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.20.9", "status": "affected", "version": "2.20", "versionType": "custom" }, { "lessThan": "2.19.15", "status": "affected", "version": "2.19", "versionType": "custom" }, { "lessThan": "2.18.20", "status": "affected", "version": "2.18", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Vaibhav Singh" } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-03T13:31:24", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.20.9/notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.19.15/notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.18.20/notes" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2020-10516", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.20", "version_value": "2.20.9" }, { "version_affected": "\u003c", "version_name": "2.19", "version_value": "2.19.15" }, { "version_affected": "\u003c", "version_name": "2.18", "version_value": "2.18.20" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "Vaibhav Singh" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. 
This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://enterprise.github.com/releases/2.20.9/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.20.9/notes" }, { "name": "https://enterprise.github.com/releases/2.19.15/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.19.15/notes" }, { "name": "https://enterprise.github.com/releases/2.18.20/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.18.20/notes" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2020-10516", "datePublished": "2020-06-03T13:31:24", "dateReserved": "2020-03-12T00:00:00", "dateUpdated": "2024-08-04T11:06:09.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22867
Vulnerability from cvelistv5
Published
2021-07-14 20:55
Modified
2024-08-03 18:51
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | Version: 2.22 < 2.22.17; Version: 3.0 < 3.0.11; Version: 3.1 < 3.1.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.22.17", "status": "affected", "version": "2.22", "versionType": "custom" }, { "lessThan": "3.0.11", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "3.1.3", "status": "affected", "version": "3.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Command Injection - Generic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-14T20:55:11", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.17" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.3" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22867", "STATE": "PUBLIC", "TITLE": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.17" }, { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.11" }, { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.3" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "yvvdwf" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. 
User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Command Injection - Generic" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.17", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.17" }, { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.11", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.11" }, { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.3", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.3" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22867", "datePublished": "2021-07-14T20:55:12", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23740
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 03:51
Summary
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | Version: 3.7 < 3.7.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.7.1", "status": "affected", "version": "3.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-88", "description": "CWE-88", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23740", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22861
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | Version: 2.20 < 2.20.24; Version: 2.21 < 2.21.15; Version: 2.22 < 2.22.7; Version: 3.0 < 3.0.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.561Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.20.24", "status": "affected", "version": "2.20", "versionType": "custom" }, { "lessThan": "2.21.15", "status": "affected", "version": "2.21", "versionType": "custom" }, { "lessThan": "2.22.7", "status": "affected", "version": "2.22", "versionType": "custom" }, { "lessThan": "3.0.1", "status": "affected", "version": "3.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Teddy Katz" } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. 
This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-03T03:25:21", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22861", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.20", "version_value": "2.20.24" }, { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.15" }, { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.7" }, { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.1" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", 
"value": "Teddy Katz" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24" }, { "name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7" }, { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": 
"82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22861", "datePublished": "2021-03-03T03:25:21", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46258
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 14:31
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | Version: 3.3 < 3.3.16; Version: 3.4 < 3.4.11; Version: 3.5 < 3.5.8; Version: 3.6 < 3.6.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.3.16", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.11", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.8", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.4", "status": "affected", "version": "3.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Alex Ilgayev" }, { "lang": "en", "value": "Vaibhav Singh (@vaib25vicky)" } ], "descriptions": [ { "lang": "en", "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4" } ], "source": { "discovery": "EXTERNAL" }, "title": "Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-46258", "datePublished": "2023-01-09T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:31:45.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41598
Vulnerability from cvelistv5
Published
2022-01-25 19:45
Modified
2024-08-04 03:15
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | Version: 3.0 < 3.0.21; Version: 3.1 < 3.1.13; Version: 3.2 < 3.2.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:15:29.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.21", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "3.1.13", "status": "affected", "version": "3.1", "versionType": "custom" }, { "lessThan": "3.2.5", "status": "affected", "version": "3.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Vaibhav Singh (vaib25vicky)" } ], "descriptions": [ { "lang": "en", "value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-25T19:45:12", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5" } ], "source": { "discovery": "EXTERNAL" }, "title": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-41598", "STATE": "PUBLIC", "TITLE": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.21" }, { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.13" }, { "version_affected": "\u003c", "version_name": "3.2", "version_value": "3.2.5" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "Vaibhav Singh (vaib25vicky)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A UI misrepresentation 
vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21" }, { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13" }, { "name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-41598", "datePublished": "2022-01-25T19:45:12", "dateReserved": 
"2021-09-24T00:00:00", "dateUpdated": "2024-08-04T03:15:29.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
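The CVE-2021-41598 record above describes a consent flow that showed every permission at first authorization but not the user-level permissions an app added later, so a subsequent "update repositories" step granted more than the user saw. The following Python is an added example, not GitHub's code: it models the two flows side by side and computes the permission delta that the hardened flow must display and get approved before applying. Permission names, the access levels and the `Grant` model are assumptions for the illustration.

```python
"""Added example, not GitHub's code: how a GitHub App authorization flow can
avoid the CVE-2021-41598 pattern by re-prompting whenever the effective
permission set would grow, including on a later "update repositories" step.
Permission names, levels and the Grant model are assumptions for the demo."""
from dataclasses import dataclass

# Ordered access levels: a higher index is a superset of the lower ones.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}


@dataclass(frozen=True)
class Grant:
    """What one user has approved for one app: repositories plus permissions."""
    repositories: frozenset
    permissions: dict  # permission name -> level, e.g. {"contents": "read"}


def permission_delta(granted: dict, requested: dict) -> dict:
    """Permissions that would be newly granted or escalated (e.g. read -> write)."""
    delta = {}
    for name, level in requested.items():
        if LEVELS[level] > LEVELS[granted.get(name, "none")]:
            delta[name] = level
    return delta


def update_installation_vulnerable(grant: Grant, new_repos, app_permissions: dict):
    """The pattern the advisory describes: the repository change is shown to the
    user, but permissions the app configured after the first approval are
    merged in silently. Returns (what_the_user_saw, resulting_grant)."""
    shown = {"repositories": frozenset(new_repos) - grant.repositories}
    merged = {**grant.permissions, **app_permissions}
    return shown, Grant(frozenset(new_repos), merged)


def update_installation_fixed(grant: Grant, new_repos, app_permissions: dict,
                              consented=frozenset()):
    """Hardened flow: every permission in the delta must be in `consented`, i.e.
    it was displayed and approved in this step. Otherwise nothing changes and
    the pending set is returned so the caller can render a consent screen.
    Reductions never need consent. Returns (pending_consent, new_grant_or_None)."""
    delta = permission_delta(grant.permissions, app_permissions)
    pending = {name: level for name, level in delta.items() if name not in consented}
    if pending:
        return pending, None
    return {}, Grant(frozenset(new_repos), {**grant.permissions, **app_permissions})
```

The check that matters is `permission_delta`: it is computed against what the user actually holds, not against what the app requested last time, so an escalation from `read` to `write` on an existing permission is caught as well as a brand-new permission.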
cve-2024-7711
Vulnerability from cvelistv5
Published: 2024-08-20 19:17
Modified: 2024-08-20 19:46
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Version 3.10 of GitHub Enterprise Server is not affected. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Affected versions
---|---|---
GitHub | GitHub Enterprise Server | 3.11.0 through 3.11.13; 3.12.0 through 3.12.7; 3.13.0 through 3.13.2
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7711", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T19:46:19.440056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-20T19:46:55.283Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.11.14", "status": "unaffected" } ], "lessThanOrEqual": "3.11.13", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.8", "status": "unaffected" } ], "lessThanOrEqual": "3.12.7", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.3", "status": "unaffected" } ], "lessThanOrEqual": "3.13.2", "status": "affected", "version": "3.13.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program." } ], "value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. 
This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-20T19:17:37.776Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", 
"cveId": "CVE-2024-7711", "datePublished": "2024-08-20T19:17:37.776Z", "dateReserved": "2024-08-12T18:11:15.883Z", "dateUpdated": "2024-08-20T19:46:55.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
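The affected-version ranges in these records come in two shapes: the older GitHub_P records (for example CVE-2021-41598 above) use `lessThan` with `versionType` "custom", while CVE-2024-7711 uses `lessThanOrEqual` with `versionType` "semver", a `changes` list naming the first unaffected release, and a `defaultStatus`. The following Python is an added example, not code from GitHub or the CVE Program: it evaluates one `affected[]` block against a GHES version string. The two sample blocks are constructed from the ranges quoted in the records above; the branch heuristic at the end is this example's own, not part of the CVE schema.

```python
"""Added example, not GitHub's or the CVE Program's code: decide whether a given
GitHub Enterprise Server version lies inside the `affected[].versions[]` ranges
of a cvelistv5 record. Handles both range shapes that appear on this page:
`lessThan` with versionType "custom" (older GitHub_P records) and
`lessThanOrEqual` with versionType "semver" plus a `changes` list (CVE-2024-7711).
The two sample blocks are constructed from the ranges quoted in those records."""

CVE_2024_7711 = {  # constructed from the CVE-2024-7711 record above
    "vendor": "GitHub", "product": "GitHub Enterprise Server",
    "defaultStatus": "affected",
    "versions": [
        {"version": "3.11.0", "lessThanOrEqual": "3.11.13", "status": "affected",
         "versionType": "semver", "changes": [{"at": "3.11.14", "status": "unaffected"}]},
        {"version": "3.12.0", "lessThanOrEqual": "3.12.7", "status": "affected",
         "versionType": "semver", "changes": [{"at": "3.12.8", "status": "unaffected"}]},
        {"version": "3.13.0", "lessThanOrEqual": "3.13.2", "status": "affected",
         "versionType": "semver", "changes": [{"at": "3.13.3", "status": "unaffected"}]},
    ],
}

CVE_2021_41598 = {  # constructed from the CVE-2021-41598 record above
    "vendor": "GitHub", "product": "GitHub Enterprise Server",
    "versions": [
        {"version": "3.0", "lessThan": "3.0.21", "status": "affected", "versionType": "custom"},
        {"version": "3.1", "lessThan": "3.1.13", "status": "affected", "versionType": "custom"},
        {"version": "3.2", "lessThan": "3.2.5", "status": "affected", "versionType": "custom"},
    ],
}


def parse_version(text: str) -> tuple:
    """'3.11.14' -> (3, 11, 14). Tuples compare lexicographically, so a branch
    prefix such as (3, 2) sorts below every (3, 2, n) release."""
    return tuple(int(part) for part in text.split("."))


def version_status(version: str, affected_block: dict) -> str:
    """Return 'affected', 'unaffected' or 'unknown' for one `affected[]` block."""
    v = parse_version(version)
    entries = affected_block.get("versions", [])
    for entry in entries:
        lo = parse_version(entry["version"])
        if "lessThan" in entry:
            inside = lo <= v < parse_version(entry["lessThan"])
        elif "lessThanOrEqual" in entry:
            inside = lo <= v <= parse_version(entry["lessThanOrEqual"])
        else:
            inside = v == lo  # entry names a single version
        if not inside:
            continue
        status = entry.get("status", "unknown")
        # `changes` flip the status from a given version onward inside this
        # range; apply the latest change whose `at` is at or below v.
        for change in sorted(entry.get("changes", []), key=lambda c: parse_version(c["at"])):
            if parse_version(change["at"]) <= v:
                status = change["status"]
        return status
    # Heuristic of this example (not the CVE schema): a version on a listed
    # major.minor branch but outside that branch's range is past the fix.
    for entry in entries:
        if v[:2] == parse_version(entry["version"])[:2]:
            return "unaffected"
    return affected_block.get("defaultStatus", "unknown")
```

Two caveats fall out of running this against the page's own data. For CVE-2024-7711 a version on an unlisted branch, such as 3.10.0 or 3.14.0, resolves to `defaultStatus`, which the record sets to "affected", even though the description states that 3.10 is not affected; the machine-readable ranges and the prose disagree, so an automated consumer must not treat a `defaultStatus` hit as a confirmed match. For CVE-2021-41598 anything outside the 3.0 to 3.2 branches comes back "unknown", although the description says all versions prior to 3.3 were affected: the ranges only enumerate supported branches.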
cve-2020-10519
Vulnerability from cvelistv5
Published: 2021-03-03 03:25
Modified: 2024-08-04 11:06
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7 | x_refsource_MISC
Impacted products
Vendor | Product | Affected versions
---|---|---
GitHub | GitHub Enterprise Server | 2.20.x before 2.20.24; 2.21.x before 2.21.15; 2.22.x before 2.22.7
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:09.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.20.24", "status": "affected", "version": "2.20", "versionType": "custom" }, { "lessThan": "2.21.15", "status": "affected", "version": "2.21", "versionType": "custom" }, { "lessThan": "2.22.7", "status": "affected", "version": "2.22", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Command Injection - Generic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-03T03:25:21", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2020-10519", "STATE": "PUBLIC", "TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.20", "version_value": "2.20.24" }, { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.15" }, { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.7" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "yvvdwf" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. 
User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Command Injection - Generic" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24" }, { "name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2020-10519", "datePublished": "2021-03-03T03:25:21", "dateReserved": "2020-03-12T00:00:00", "dateUpdated": "2024-08-04T11:06:09.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41599
Vulnerability from cvelistv5
Published: 2022-02-17 23:35
Modified: 2024-08-04 03:15
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 | x_refsource_MISC
Impacted products
Vendor | Product | Affected versions
---|---|---
GitHub | GitHub Enterprise Server | 3.0.x before 3.0.21; 3.1.x before 3.1.13; 3.2.x before 3.2.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:15:29.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.21", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "3.1.13", "status": "affected", "version": "3.1", "versionType": "custom" }, { "lessThan": "3.2.5", "status": "affected", "version": "3.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77, CWE-691, CWE-459", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-17T23:35:12", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-41599", "STATE": "PUBLIC", "TITLE": "Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.21" }, { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.13" }, { "version_affected": "\u003c", "version_name": "3.2", "version_value": "3.2.5" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "yvvdwf" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77, CWE-691, CWE-459" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.21" }, { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.13" }, { "name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.5" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-41599", "datePublished": "2022-02-17T23:35:12", "dateReserved": "2021-09-24T00:00:00", "dateUpdated": "2024-08-04T03:15:29.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10517
Vulnerability from cvelistv5
Published: 2020-08-27 21:55
Modified: 2024-08-04 11:06
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://enterprise.github.com/releases/2.19.21/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.20.15/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.21.6/notes | x_refsource_MISC
Impacted products
Vendor | Product | Affected versions
---|---|---
GitHub | GitHub Enterprise Server | 2.21.x before 2.21.6; 2.20.x before 2.20.15; 2.19.x before 2.19.21
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:09.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.19.21/notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.20.15/notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.21.6/notes" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.21.6", "status": "affected", "version": "2.21", "versionType": "custom" }, { "lessThan": "2.20.15", "status": "affected", "version": "2.20", "versionType": "custom" }, { "lessThan": "2.19.21", "status": "affected", "version": "2.19", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "William Bowling" } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T21:55:16", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.19.21/notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.20.15/notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.21.6/notes" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2020-10517", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.6" }, { "version_affected": "\u003c", "version_name": "2.20", "version_value": "2.20.15" }, { "version_affected": "\u003c", "version_name": "2.19", "version_value": "2.19.21" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "William Bowling" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://enterprise.github.com/releases/2.19.21/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.19.21/notes" }, { "name": "https://enterprise.github.com/releases/2.20.15/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.20.15/notes" }, { "name": "https://enterprise.github.com/releases/2.21.6/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.21.6/notes" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2020-10517", "datePublished": "2020-08-27T21:55:16", "dateReserved": "2020-03-12T00:00:00", "dateUpdated": "2024-08-04T11:06:09.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22863
Vulnerability from cvelistv5
Published: 2021-03-03 03:25
Modified: 2024-08-03 18:51
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Affected versions
---|---|---
GitHub | GitHub Enterprise Server | 2.20.x before 2.20.24; 2.21.x before 2.21.15; 2.22.x before 2.22.7; 3.0.x before 3.0.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.20.24", "status": "affected", "version": "2.20", "versionType": "custom" }, { "lessThan": "2.21.15", "status": "affected", "version": "2.21", "versionType": "custom" }, { "lessThan": "2.22.7", "status": "affected", "version": "2.22", "versionType": "custom" }, { "lessThan": "3.0.1", "status": "affected", "version": "3.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Teddy Katz" } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. 
Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-03T03:25:23", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22863", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.20", "version_value": "2.20.24" }, { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.15" }, { "version_affected": "\u003c", 
"version_name": "2.22", "version_value": "2.22.7" }, { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.1" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "Teddy Katz" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24" }, { "name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7" }, { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22863", "datePublished": "2021-03-03T03:25:23", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
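Three of the records on this page (CVE-2024-7711, CVE-2020-10517 and CVE-2021-22863) are the same class of bug: an operation that checked whether the caller could see a repository, or nothing at all, instead of whether the caller was allowed to act on the specific object. The following Python is an added example, not GitHub's code: a small model of repositories, issues and pull requests with the object-level check each handler needs, and the vulnerable issue-edit path beside the fixed one. The role names, the data model and the exact policy are assumptions for the illustration, not GitHub's rules.

```python
"""Added example, not GitHub's code: the object-level authorization checks whose
absence CVE-2024-7711, CVE-2020-10517 and CVE-2021-22863 describe, written as
the checks a handler must make before acting. Role names, the data model and
the exact policy are assumptions for this illustration, not GitHub's rules."""
from dataclasses import dataclass, field
from typing import Optional

ROLE_RANK = {"none": 0, "read": 1, "triage": 2, "write": 3, "maintain": 4, "admin": 5}


@dataclass
class Repo:
    id: int
    name: str
    private: bool
    roles: dict = field(default_factory=dict)  # user -> role

    def role_of(self, user: str) -> str:
        if user in self.roles:
            return self.roles[user]
        return "none" if self.private else "read"  # public repos: everyone can read

    def has(self, user: str, role: str) -> bool:
        return ROLE_RANK[self.role_of(user)] >= ROLE_RANK[role]


@dataclass
class Issue:
    repo: Repo
    number: int
    title: str


@dataclass
class PullRequest:
    base_repo: Repo
    head_repo: Repo          # the fork that holds the head branch
    author: str
    maintainer_can_modify: bool = False


# CVE-2024-7711 pattern: editing another user's issue metadata.
def update_issue_title_vulnerable(actor: str, issue: Issue, title: str) -> bool:
    """Only checks that the actor can see the repository, which every user can
    on a public repository; that is why the advisory says it was exploitable
    only inside public repositories."""
    if not issue.repo.has(actor, "read"):
        return False
    issue.title = title
    return True


def update_issue_title(actor: str, issue: Issue, title: str) -> bool:
    """Editing title, assignees or labels needs at least triage on the repo."""
    if not issue.repo.has(actor, "triage"):
        return False
    issue.title = title
    return True


# CVE-2020-10517 pattern: lookup by a guessable numeric ID.
def repo_name_by_id(actor: str, repos: dict, repo_id: int) -> Optional[str]:
    """Unauthorized and nonexistent IDs must be indistinguishable to the caller,
    otherwise walking the ID space enumerates private repository names."""
    repo = repos.get(repo_id)
    if repo is None or not repo.has(actor, "read"):
        return None
    return repo.name


# CVE-2021-22863 pattern: toggling maintainer access to a PR's head branch.
def set_maintainer_can_modify(actor: str, pr: PullRequest, value: bool) -> bool:
    """Only someone with write access to the head (fork) repository may decide
    whether base-repo maintainers can push to the PR branch. Letting a base
    maintainer flip it would let them grant themselves that access."""
    if not pr.head_repo.has(actor, "write"):
        return False
    pr.maintainer_can_modify = value
    return True


def can_push_head(actor: str, pr: PullRequest) -> bool:
    """Why the flag matters: with it set, base-repo maintainers can push commits
    into the fork's branch; without it only the fork's own writers can."""
    if pr.head_repo.has(actor, "write"):
        return True
    return pr.maintainer_can_modify and pr.base_repo.has(actor, "maintain")
```

The common thread is that the decision is made against the object being changed (the issue's repository role, the requested repository itself, the head repository of the pull request) rather than against whatever the caller already has access to. `repo_name_by_id` also returns the same `None` for a private repository the caller cannot see and for an ID that does not exist, which is the property CVE-2020-10517 lacked.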
cve-2021-22864
Vulnerability from cvelistv5
Published: 2021-03-23 21:40
Modified: 2024-08-03 18:51
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.
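This record, together with CVE-2020-10519 and CVE-2021-41599 above, is the third GitHub Pages build advisory on the page, and all three share a cause: settings taken from the site's own configuration reached the parser selection, the plugin set or the build environment without restriction. The following Python is an added example, not GitHub's or Jekyll's code: a build planner that trusts the site config beside one that allowlists every key and security-relevant value and pins the environment. The key names, the allowlists and the `env` key are assumptions for the illustration (the advisories do not name the settings involved), and the sample config is constructed.

```python
"""Added example, not GitHub's or Jekyll's code: the configuration-handling
pattern behind the GitHub Pages build advisories on this page (CVE-2020-10519,
CVE-2021-41599, CVE-2021-22864), shown as a build planner that trusts the
site config beside one that allowlists it. Key names, allowlists and the
`env` key are assumptions; the advisories do not name the settings involved."""
import json
from copy import deepcopy

# Constructed site config as an attacker-controlled repository might ship it.
SAMPLE_CONFIG = """
{
  "title": "Team site",
  "markdown": "some-other-processor",
  "plugins": ["jekyll-feed", "evil-plugin"],
  "env": {"PATH": "/tmp/attacker:/usr/bin"}
}
"""

# Settings a site owner may choose, and the values they may choose for them
# (assumed allowlists for the demo).
ALLOWED_KEYS = {"title", "description", "baseurl", "url", "markdown", "plugins", "exclude"}
ALLOWED_MARKDOWN = {"kramdown"}
ALLOWED_PLUGINS = {"jekyll-feed", "jekyll-seo-tag"}

# The environment the build runs with, fixed by the operator; never derived
# from anything in the repository.
BUILD_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C.UTF-8", "JEKYLL_ENV": "production"}


def load_site_config(text: str) -> dict:
    """Parse the config document (JSON here to stay dependency-free; the real
    file is YAML and must go through a safe loader, never a full one)."""
    parsed = json.loads(text)
    if not isinstance(parsed, dict):
        raise ValueError("site config must be a mapping")
    return parsed


def plan_build_vulnerable(site_config: dict) -> dict:
    """Anti-pattern: the repository decides which parser and plugins load and
    can override the build environment. Every key it sets reaches the build."""
    env = dict(BUILD_ENV)
    env.update(site_config.get("env", {}))
    return {"env": env, "config": deepcopy(site_config)}


def plan_build_hardened(site_config: dict) -> dict:
    """Allowlist every key and every security-relevant value, keep the
    environment fixed, and report what was dropped so the site owner can see
    why the build differs from the config they committed."""
    config, rejected = {}, {}
    for key, value in site_config.items():
        if key not in ALLOWED_KEYS:
            rejected[key] = value
        elif key == "markdown" and value not in ALLOWED_MARKDOWN:
            rejected[key] = value
        elif key == "plugins":
            bad = [p for p in value if p not in ALLOWED_PLUGINS]
            if bad:
                rejected[key] = bad
            config[key] = [p for p in value if p in ALLOWED_PLUGINS]
        else:
            config[key] = value
    return {"env": dict(BUILD_ENV), "config": config, "rejected": rejected}
```

The point of returning a `rejected` map rather than silently dropping keys is operational: a build that quietly ignores a setting looks like a bug to the site owner, while an explicit list of rejected keys documents the policy and doubles as a signal worth logging when the rejected key is one nobody legitimately sets.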
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.21 < 2.21.17; 2.22 < 2.22.9; 3.0 < 3.0.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.21.17", "status": "affected", "version": "2.21", "versionType": "custom" }, { "lessThan": "2.22.9", "status": "affected", "version": "2.22", "versionType": "custom" }, { "lessThan": "3.0.3", "status": "affected", "version": "3.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Command Injection - Generic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-23T21:40:12", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.17" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.3" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22864", "STATE": "PUBLIC", "TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.17" }, { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.9" }, { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.3" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "yvvdwf" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. 
User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Command Injection - Generic" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.17", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.17" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.9", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.9" }, { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.3", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.3" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22864", "datePublished": "2021-03-23T21:40:12", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9539
Vulnerability from cvelistv5
Published
2024-10-11 17:52
Modified
2024-10-11 18:43
Summary
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.14.0 ≤ 3.14.1; 3.13.0 ≤ 3.13.4; 3.12.0 ≤ 3.12.9; 3.11.0 ≤ 3.11.15
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-9539", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T18:43:33.374629Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T18:43:42.224Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.14.2", "status": "unaffected" } ], "lessThanOrEqual": "3.14.1", "status": "affected", "version": "3.14.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.5", "status": "unaffected" } ], "lessThanOrEqual": "3.13.4", "status": "affected", "version": "3.13.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.10", "status": "unaffected" } ], "lessThanOrEqual": "3.12.9", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.16", "status": "unaffected" } ], "lessThanOrEqual": "3.11.15", "status": "affected", "version": "3.11.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "P\u0103un Luca" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program." } ], "impacts": [ { "capecId": "CAPEC-37", "descriptions": [ { "lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": 
{ "dateUpdated": "2024-10-11T17:52:35.386Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-9539", "datePublished": "2024-10-11T17:52:35.386Z", "dateReserved": "2024-10-04T18:06:12.657Z", "dateUpdated": "2024-10-11T18:43:42.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8770
Vulnerability from cvelistv5
Published
2024-09-23 20:09
Modified
2024-09-23 20:37
Summary
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.14 ≤ 3.14.0; 3.13.0 ≤ 3.13.3; 3.12.0 ≤ 3.12.8; 3.11.0 ≤ 3.11.14; 3.10.0 ≤ 3.10.16
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8770", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T20:36:55.783557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T20:37:07.272Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.14.1", "status": "unaffected" } ], "lessThanOrEqual": "3.14.0", "status": "affected", "version": "3.14", "versionType": "semver" }, { "changes": [ { "at": "3.13.4", "status": "unaffected" } ], "lessThanOrEqual": "3.13.3", "status": "affected", "version": "3.13.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.9", "status": "unaffected" } ], "lessThanOrEqual": "3.12.8", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.15", "status": "unaffected" } ], "lessThanOrEqual": "3.11.14", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.17", "status": "unaffected" } ], "lessThanOrEqual": "3.10.16", "status": "affected", "version": "3.10.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "R31n" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 
3.13.4, and 3.14.1.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.\u00a0This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program." } ], "impacts": [ { "capecId": "CAPEC-63", "descriptions": [ { "lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-23T20:09:01.746Z", "orgId": 
"82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-8770", "datePublished": "2024-09-23T20:09:01.746Z", "dateReserved": "2024-09-12T22:04:09.227Z", "dateUpdated": "2024-09-23T20:37:07.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5746
Vulnerability from cvelistv5
Published
2024-06-20 21:31
Modified
2024-08-01 21:18
Summary
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ 3.9.15; 3.10.0 ≤ 3.10.12; 3.11.0 ≤ 3.11.10; 3.12.0 ≤ 3.12.4
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-24T15:08:08.152541Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-24T15:08:21.753Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:18:07.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.16" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.13" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.11" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThanOrEqual": "3.9.15", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "lessThanOrEqual": "3.10.12", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "lessThanOrEqual": "3.11.10", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "lessThanOrEqual": "3.12.4", "status": "affected", "version": "3.12.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "r31n" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the 
Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role.\u0026nbsp;\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThis vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-664", "descriptions": [ { "lang": "en", "value": "CAPEC-664 Server Side Request Forgery" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-20T21:31:37.111Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.16" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.13" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.11" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.5" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-5746", "datePublished": "2024-06-20T21:31:37.111Z", "dateReserved": "2024-06-07T13:04:45.562Z", "dateUpdated": "2024-08-01T21:18:07.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8263
Vulnerability from cvelistv5
Published
2024-09-23 20:12
Modified
2024-09-23 20:36
Summary
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.14 ≤ 3.14.0; 3.13.0 ≤ 3.13.3; 3.12.0 ≤ 3.12.8; 3.11.0 ≤ 3.11.14; 3.10.0 ≤ 3.10.16
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8263", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-23T20:36:29.135789Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T20:36:38.566Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.14.1", "status": "unaffected" } ], "lessThanOrEqual": "3.14.0", "status": "affected", "version": "3.14", "versionType": "semver" }, { "changes": [ { "at": "3.13.4", "status": "unaffected" } ], "lessThanOrEqual": "3.13.3", "status": "affected", "version": "3.13.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.9", "status": "unaffected" } ], "lessThanOrEqual": "3.12.8", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.15", "status": "unaffected" } ], "lessThanOrEqual": "3.11.14", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.17", "status": "unaffected" } ], "lessThanOrEqual": "3.10.16", "status": "affected", "version": "3.10.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "syvb" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eAn improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. 
This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u0026nbsp;This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e" } ], "value": "An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.2, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-23T20:12:51.005Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.1" }, { "url": 
"https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.4" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.9" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.15" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.17" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-8263", "datePublished": "2024-09-23T20:12:51.005Z", "dateReserved": "2024-08-28T13:59:08.440Z", "dateUpdated": "2024-09-23T20:36:38.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6337
Vulnerability from cvelistv5
Published
2024-08-20 19:19
Modified
2024-08-21 13:43
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.10.0 ≤ 3.10.15; 3.11.0 ≤ 3.11.14; 3.12.0 ≤ 3.12.7; 3.13.0 ≤ 3.13.2
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6337", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T13:27:35.698833Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T13:43:00.222Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.10.16", "status": "unaffected" } ], "lessThanOrEqual": "3.10.15", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.14", "status": "unaffected" } ], "lessThanOrEqual": "3.11.14", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.8", "status": "unaffected" } ], "lessThanOrEqual": "3.12.7", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.3", "status": "unaffected" } ], "lessThanOrEqual": "3.13.2", "status": "affected", "version": "3.13.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "VAIBHAV SINGH (@vaib25vicky)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only \u003cb\u003econtent: read\u003c/b\u003e and \u003cb\u003epull_request_write: write\u003c/b\u003e permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003c/p\u003e" } ], "value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program." } ], "impacts": [ { "capecId": "CAPEC-114", "descriptions": [ { "lang": "en", "value": "CAPEC-114 Authentication Abuse" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-20T19:19:49.193Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": 
"GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3" } ], "source": { "discovery": "UNKNOWN" }, "title": "Incorrect Authorization allows read access to issues in GitHub Enterprise Server", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-6337", "datePublished": "2024-08-20T19:19:49.193Z", "dateReserved": "2024-06-25T21:20:27.045Z", "dateUpdated": "2024-08-21T13:43:00.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2443
Vulnerability from cvelistv5
Published
2024-03-20 23:04
Modified
2024-08-27 19:36
Severity: CRITICAL (CVSS 3.1 base score 9.1, vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Summary
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL
---
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.8.0 ≤ version < 3.8.17
GitHub | GitHub Enterprise Server | 3.9.0 ≤ version < 3.9.12
GitHub | GitHub Enterprise Server | 3.10.0 ≤ version < 3.10.9
GitHub | GitHub Enterprise Server | 3.11.0 ≤ version < 3.11.7
GitHub | GitHub Enterprise Server | 3.12.0 ≤ version < 3.12.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:11:53.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "enterprise_server", "vendor": "github", "versions": [ { "lessThan": "3.8.17", "status": "affected", "version": "3.8.0", "versionType": "semver" }, { "lessThan": "3.9.12", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "lessThan": "3.10.9", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "lessThan": "3.11.7", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "lessThan": "3.12.1", "status": "affected", "version": "3.12.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2443", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-27T19:33:21.035109Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-27T19:36:36.453Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": 
"GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.8.17", "status": "unaffected" } ], "lessThan": "3.8.17", "status": "affected", "version": "3.8.0", "versionType": "semver" }, { "changes": [ { "at": "3.9.12", "status": "unaffected" } ], "lessThan": "3.9.12", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.9", "status": "unaffected" } ], "lessThan": "3.10.9", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.7", "status": "unaffected" } ], "lessThan": "3.11.7", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.1", "status": "unaffected" } ], "lessThan": "3.12.1", "status": "affected", "version": "3.12.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "R31n" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eA command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. 
Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T23:04:23.899Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17" }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1" } ], "source": { "discovery": "UNKNOWN" }, "title": "Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { 
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-2443", "datePublished": "2024-03-20T23:04:23.899Z", "dateReserved": "2024-03-13T22:52:53.549Z", "dateUpdated": "2024-08-27T19:36:36.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22380
Vulnerability from cvelistv5
Published
2023-02-16 00:00
Modified
2024-08-02 10:07
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL
---
https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.7 ≤ version < 3.7.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.7.6", "status": "affected", "version": "3.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.6" } ], "source": { "discovery": "EXTERNAL" }, "title": "Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2023-22380", "datePublished": "2023-02-16T00:00:00", "dateReserved": "2022-12-20T00:00:00", "dateUpdated": "2024-08-02T10:07:06.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
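The weakness class behind this record is CWE-22. The release notes the record links to do not describe the actual fix, so the following is an added illustration, not GitHub's code: the check a Pages-style build step needs before it reads a user-supplied path is to resolve that path against the site root, symlinks included, and refuse anything that lands outside. The `site` tree, `secret.txt`, the probe paths and the `resolve_within` function are all constructed for the demonstration.

```python
"""Reject user-controlled paths that escape a build root (CWE-22 hardening).

Added illustration for the weakness class of CVE-2023-22380; it is not GitHub's
fix. The `site` tree, `secret.txt` and the probe paths are constructed here.
"""
import tempfile
from pathlib import Path
from typing import Dict


class TraversalError(ValueError):
    """Raised when a path would resolve outside the permitted root."""


def resolve_within(root: Path, user_path: str) -> Path:
    """Return the real path of user_path inside root, or raise TraversalError.

    The comparison is done on fully resolved paths, so '..' segments, absolute
    paths (which Path joining silently substitutes for the root) and symlinks
    inside the root that point outside it are all caught by the same test.
    """
    root_real = root.resolve(strict=True)
    # strict=False: the target may not exist yet (a page about to be written),
    # but every existing prefix, symlinks included, is still resolved.
    candidate = (root_real / user_path).resolve(strict=False)
    if candidate != root_real and root_real not in candidate.parents:
        raise TraversalError(f"{user_path!r} resolves to {candidate}, outside {root_real}")
    return candidate


def classify_probes() -> Dict[str, str]:
    """Build a throwaway site root and classify a set of constructed probe paths."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "site")
        site.mkdir()
        (site / "index.md").write_text("# hello\n")
        (site / "_layouts").mkdir()
        secret = Path(tmp, "secret.txt")        # lives outside the site root
        secret.write_text("not for the build\n")
        probes = ["index.md", "_layouts/../index.md", "../secret.txt",
                  "/etc/passwd", "new/page.md"]
        try:
            (site / "link").symlink_to(secret)  # in-root symlink escaping the root
            probes.append("link")
        except OSError:
            pass  # symlinks unavailable on this filesystem; skip that probe
        results: Dict[str, str] = {}
        for probe in probes:
            try:
                resolve_within(site, probe)
                results[probe] = "ok"
            except TraversalError:
                results[probe] = "rejected"
        return results


if __name__ == "__main__":
    for path, verdict in classify_probes().items():
        print(f"{verdict:8} {path}")
```

The check deliberately runs after resolution rather than on the string: rejecting `..` textually would still let `link` through, because the escape happens in the filesystem, not in the path the user typed.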
cve-2020-10518
Vulnerability from cvelistv5
Published
2020-08-27 21:55
Modified
2024-08-04 11:06
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
References
URL | Tags
---|---
https://enterprise.github.com/releases/2.19.21/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.20.15/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.21.6/notes | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.19 ≤ version < 2.19.21
GitHub | GitHub Enterprise Server | 2.20 ≤ version < 2.20.15
GitHub | GitHub Enterprise Server | 2.21 ≤ version < 2.21.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:09.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.19.21/notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.20.15/notes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://enterprise.github.com/releases/2.21.6/notes" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.19.21", "status": "affected", "version": "2.19", "versionType": "custom" }, { "lessThan": "2.20.15", "status": "affected", "version": "2.20", "versionType": "custom" }, { "lessThan": "2.21.6", "status": "affected", "version": "2.21", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "William Bowling" } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Command Injection - Generic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-27T21:55:11", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.19.21/notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.20.15/notes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://enterprise.github.com/releases/2.21.6/notes" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2020-10518", "STATE": "PUBLIC", "TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.19", "version_value": "2.19.21" }, { "version_affected": "\u003c", "version_name": "2.20", "version_value": "2.20.15" }, { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.6" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "William Bowling" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. 
To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Command Injection - Generic" } ] } ] }, "references": { "reference_data": [ { "name": "https://enterprise.github.com/releases/2.19.21/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.19.21/notes" }, { "name": "https://enterprise.github.com/releases/2.20.15/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.20.15/notes" }, { "name": "https://enterprise.github.com/releases/2.21.6/notes", "refsource": "MISC", "url": "https://enterprise.github.com/releases/2.21.6/notes" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2020-10518", "datePublished": "2020-08-27T21:55:11", "dateReserved": "2020-03-12T00:00:00", "dateUpdated": "2024-08-04T11:06:09.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5566
Vulnerability from cvelistv5
Published
2024-07-16 21:26
Modified
2024-08-01 21:18
Severity: MEDIUM (CVSS 3.1 base score 5.8, vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)
Summary
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
References
URL
---
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ version ≤ 3.9.16
GitHub | GitHub Enterprise Server | 3.10.0 ≤ version ≤ 3.10.13
GitHub | GitHub Enterprise Server | 3.11.0 ≤ version ≤ 3.11.11
GitHub | GitHub Enterprise Server | 3.12.0 ≤ version ≤ 3.12.5
GitHub | GitHub Enterprise Server | 3.13 ≤ version ≤ 3.13.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5566", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T18:06:32.677272Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T19:47:55.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:18:06.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": 
"affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": "affected", "version": "3.13", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ganesh Kumar (iamgk808)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\u003cbr\u003e" } ], "value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17." 
} ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:26:46.902Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" } ], "source": { "discovery": "UNKNOWN" }, "title": "Improper Privilege Management allows for access to unauthorized repository content during migration", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-5566", "datePublished": "2024-07-16T21:26:46.902Z", "dateReserved": "2024-05-31T15:02:06.763Z", "dateUpdated": "2024-08-01T21:18:06.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
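The `cna.affected` arrays in the records on this page use three different encodings: CVE-2024-2443 gives semver ranges with `lessThan` plus a `changes` entry at the fix release; CVE-2024-6337 uses `lessThanOrEqual`, and its 3.11 range ends at 3.11.14 inclusive while the same entry marks 3.11.14 unaffected; CVE-2023-22380 uses the older `custom` version type with no `defaultStatus` at all. The added example below, which is not GitHub's or the CVE Program's tooling, applies the CVE JSON 5.x range semantics to a GHES version and shows why a strict reading of these records is not enough on its own: with `defaultStatus: affected`, any version outside an enumerated range, including a fix release such as 3.12.1 that sits just past a `lessThan: 3.12.1` bound, comes back as affected even though the description text says it is fixed. The `is_vulnerable` helper layers a branch-aware fix check on top of the strict status. The record excerpts are copied from this page (some ranges omitted); the function names are the example's own.

```python
"""Evaluate a GitHub Enterprise Server version against CVE JSON 5.x `affected`
data, using the range semantics the records on this page rely on.

Added example, not GitHub or CVE Program tooling. The three records below are
excerpts copied from this page's JSON; nothing else is assumed.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Excerpts of the `cna.affected` arrays from this page (some ranges omitted).
RECORDS: Dict[str, List[dict]] = {
    # semver ranges with lessThan and a `changes` entry at the fix release
    "CVE-2024-2443": [{"defaultStatus": "affected", "product": "GitHub Enterprise Server",
        "vendor": "GitHub", "versions": [
            {"version": "3.11.0", "lessThan": "3.11.7", "status": "affected", "versionType": "semver",
             "changes": [{"at": "3.11.7", "status": "unaffected"}]},
            {"version": "3.12.0", "lessThan": "3.12.1", "status": "affected", "versionType": "semver",
             "changes": [{"at": "3.12.1", "status": "unaffected"}]}]}],
    # lessThanOrEqual ranges; the 3.11 upper bound equals its own fix release
    "CVE-2024-6337": [{"defaultStatus": "affected", "product": "GitHub Enterprise Server",
        "vendor": "GitHub", "versions": [
            {"version": "3.10.0", "lessThanOrEqual": "3.10.15", "status": "affected", "versionType": "semver",
             "changes": [{"at": "3.10.16", "status": "unaffected"}]},
            {"version": "3.11.0", "lessThanOrEqual": "3.11.14", "status": "affected", "versionType": "semver",
             "changes": [{"at": "3.11.14", "status": "unaffected"}]}]}],
    # older record: custom versionType, no defaultStatus
    "CVE-2023-22380": [{"product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [
            {"version": "3.7", "lessThan": "3.7.6", "status": "affected", "versionType": "custom"}]}],
}


def parse_version(text: str) -> Version:
    """'3.11.12' -> (3, 11, 12); '3.7' -> (3, 7). Tuple order gives (3, 7) < (3, 7, 0)."""
    return tuple(int(part) for part in text.strip().split("."))


def _in_range(v: Version, entry: dict) -> bool:
    start = parse_version(entry["version"])
    if "lessThan" in entry:
        return start <= v < parse_version(entry["lessThan"])
    if "lessThanOrEqual" in entry:
        return start <= v <= parse_version(entry["lessThanOrEqual"])
    return v == start  # a bare `version` names a single version


def status_for(version: str, affected: List[dict]) -> str:
    """'affected', 'unaffected' or 'unknown' for one CVE's `affected` array.

    CVE 5.x semantics: the first matching range supplies the status, then any
    `changes` entry at or below the version overrides it (the latest `at` wins).
    Outside every range the product's defaultStatus applies, 'unknown' if absent.
    """
    v = parse_version(version)
    default = "unknown"
    for product in affected:
        default = product.get("defaultStatus", default)
        for entry in product.get("versions", []):
            if not _in_range(v, entry):
                continue
            status = entry.get("status", default)
            for change in sorted(entry.get("changes", []), key=lambda c: parse_version(c["at"])):
                if v >= parse_version(change["at"]):
                    status = change["status"]
            return status
    return default


def fixed_versions(affected: List[dict]) -> List[str]:
    """Every version a `changes` entry marks unaffected, i.e. the stated fix releases."""
    fixes = [c["at"] for p in affected for e in p.get("versions", [])
             for c in e.get("changes", []) if c["status"] == "unaffected"]
    return sorted(fixes, key=parse_version)


def is_vulnerable(version: str, affected: List[dict]) -> bool:
    """Practical verdict: a version at or past a fix release on the same minor
    branch (3.12.x >= 3.12.1) is treated as fixed even when a short range or
    `defaultStatus: affected` would still flag it; otherwise the strict status."""
    v = parse_version(version)
    for fix in map(parse_version, fixed_versions(affected)):
        if v[:2] == fix[:2] and v >= fix:
            return False
    return status_for(version, affected) == "affected"


def report(version: str) -> Dict[str, str]:
    """Strict status of one GHES version against every record above."""
    return {cve: status_for(version, affected) for cve, affected in RECORDS.items()}


if __name__ == "__main__":
    for cve, status in report("3.11.14").items():
        print(f"{cve}: {status:10} vulnerable={is_vulnerable('3.11.14', RECORDS[cve])}")
```

Whatever tooling you use, cross-check the machine-readable ranges against the description and the linked release notes rather than trusting either alone: besides the `defaultStatus` behaviour above, the CVE-2024-5566 record links to the 3.11.10 release-note anchor while its text names 3.11.12 as the fix, and the older `custom`-typed records carry no `defaultStatus`, so a version past their range is simply unknown.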
cve-2021-22865
Vulnerability from cvelistv5
Published
2021-04-02 17:25
Modified
2024-08-03 18:51
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.0 ≤ version < 3.0.4
GitHub | GitHub Enterprise Server | 2.22 ≤ version < 2.22.10
GitHub | GitHub Enterprise Server | 2.21 ≤ version < 2.21.18
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.4", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "2.22.10", "status": "affected", "version": "2.22", "versionType": "custom" }, { "lessThan": "2.21.18", "status": "affected", "version": "2.21", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "djcruz93" } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App\u0027s web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-02T17:25:14", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.18" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22865", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.4" }, { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.10" }, { "version_affected": "\u003c", "version_name": "2.21", "version_value": "2.21.18" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "djcruz93" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App\u0027s web authentication flow to read private repository metadata via the REST API without having been granted the 
appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.4", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.4" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.10", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.10" }, { "name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.18", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.18" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22865", "datePublished": "2021-04-02T17:25:14", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46257
Vulnerability from cvelistv5
Published
2023-03-07 00:00
Modified
2024-08-03 14:31
Summary
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL
---
https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17
https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12
https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9
https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.3 ≤ version < 3.3.17
GitHub | GitHub Enterprise Server | 3.4 ≤ version < 3.4.12
GitHub | GitHub Enterprise Server | 3.5 ≤ version < 3.5.9
GitHub | GitHub Enterprise Server | 3.6 ≤ version < 3.6.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.3.17", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.12", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.9", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.5", "status": "affected", "version": "3.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Anthony Bouvet (Kuromatae)" } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Information Disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5" } ], "source": { "discovery": "EXTERNAL" }, "title": "Information disclosure in GitHub Enterprise Server leading to unauthorized viewing of private repository names" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-46257", "datePublished": "2023-03-07T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:31:45.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23739
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.3 < 3.3.16; 3.4 < 3.4.11; 3.5 < 3.5.8; 3.6 < 3.6.4; 3.7 < 3.7.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.3.16", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.11", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.8", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.4", "status": "affected", "version": "3.6", "versionType": "custom" }, { "lessThan": "3.7.1", "status": "affected", "version": "3.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. 
Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1" }, { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.16" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.11" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.8" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.4" } ], "source": { "discovery": "EXTERNAL" }, "title": "Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23739", "datePublished": "2023-01-17T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6800
Vulnerability from cvelistv5
Published
2024-08-20 19:21
Modified
2024-08-22 14:18
Severity ?
EPSS score ?
Summary
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.13.0 ≤ 3.13.2; 3.12.0 ≤ 3.12.7; 3.11.0 ≤ 3.11.13; 3.10.0 ≤ 3.10.15
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "enterprise_server", "vendor": "github", "versions": [ { "status": "unaffected", "version": "3.13.3" }, { "lessThanOrEqual": "3.13.2", "status": "affected", "version": "3.13.0", "versionType": "semver" }, { "status": "unaffected", "version": "3.12.8" }, { "lessThanOrEqual": "3.12.7", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "status": "unaffected", "version": "3.11.14" }, { "lessThanOrEqual": "3.11.13", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "status": "unaffected", "version": "3.10.16" }, { "lessThanOrEqual": "3.10.15", "status": "affected", "version": "3.10.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6800", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T03:55:16.212Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.13.3", "status": "unaffected" } ], "lessThanOrEqual": "3.13.2", "status": "affected", "version": "3.13.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.8", "status": "unaffected" } ], "lessThanOrEqual": "3.12.7", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.14", "status": "unaffected" } ], "lessThanOrEqual": "3.11.13", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.16", "status": "unaffected" } ], "lessThanOrEqual": "3.10.15", "status": "affected", 
"version": "3.10.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euser with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e" } ], "value": "An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115 Authentication Bypass" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.5, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/R:U/V:C/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-22T14:18:09.305Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14" }, { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2024-6800", "datePublished": "2024-08-20T19:21:31.409Z", "dateReserved": "2024-07-16T19:05:26.418Z", "dateUpdated": "2024-08-22T14:18:09.305Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
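The record above classifies CVE-2024-6800 as XML signature wrapping (CWE-347). The mechanism of that class is that a consumer verifies the XML-DSig signature over one element but then reads identity claims from a different element the attacker placed in the document. The following is an added illustration of that class in Python, not GHES's SAML implementation and not the reported exploit: the `Response`/`Assertion`/`Signature` layout is simplified, an HMAC over the element bytes stands in for XML-DSig and the IdP key (`IDP_KEY`) is a constructed placeholder. `naive_consume` verifies the referenced element and then trusts the first `Assertion` it finds; `strict_consume` requires a single top-level `Assertion` and reads claims only from the element object that was actually verified.

```python
"""Toy XML Signature Wrapping (XSW) demonstration: the consumer verifies one
Assertion and trusts another. Simplified layout, HMAC in place of XML-DSig."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Stand-in for the IdP signing key (assumption). Real SAML uses XML-DSig with
# an asymmetric key; an HMAC over the element bytes is enough to show the
# verified-versus-consumed mismatch that XSW exploits.
IDP_KEY = b"demo-idp-signing-key"


def canonical(elem):
    """Bytes of the element subtree alone; tail text is context, not content."""
    c = copy.deepcopy(elem)
    c.tail = None
    return ET.tostring(c)


def signature_for(elem):
    return hmac.new(IDP_KEY, canonical(elem), hashlib.sha256).hexdigest()


def idp_response(subject, role, assertion_id="_a1"):
    """A legitimate Response: one Assertion plus a Signature whose Reference
    points at that Assertion by ID (simplified SAML/XML-DSig layout)."""
    root = ET.Element("Response")
    a = ET.SubElement(root, "Assertion", ID=assertion_id)
    ET.SubElement(a, "Subject").text = subject
    ET.SubElement(a, "Role").text = role
    sig = ET.SubElement(root, "Signature")
    ET.SubElement(sig, "Reference", URI="#" + assertion_id)
    ET.SubElement(sig, "SignatureValue").text = signature_for(a)
    return ET.tostring(root)


def wrap(response_bytes, subject, role):
    """Attacker transform: keep the signed Assertion (so the signature still
    verifies) but move it under an unrelated wrapper element, and place an
    unsigned Assertion with attacker-chosen claims first in document order."""
    root = ET.fromstring(response_bytes)
    signed = root.find("Assertion")
    root.remove(signed)
    evil = ET.Element("Assertion", ID="_evil")
    ET.SubElement(evil, "Subject").text = subject
    ET.SubElement(evil, "Role").text = role
    root.insert(0, evil)
    ET.SubElement(root, "Extensions").append(signed)
    return ET.tostring(root)


def _find_by_id(root, ref_id):
    for e in root.iter():
        if e.get("ID") == ref_id:
            return e
    raise ValueError("referenced element not found")


def _verify_reference(root):
    """Check the Signature against the element its Reference names; return it."""
    sig = root.find("Signature")
    signed = _find_by_id(root, sig.find("Reference").get("URI").lstrip("#"))
    if not hmac.compare_digest(signature_for(signed), sig.findtext("SignatureValue")):
        raise ValueError("bad signature")
    return signed


def naive_consume(response_bytes):
    """Vulnerable: the signature check passes, but the claims are read from the
    first Assertion in document order, which need not be the signed one."""
    root = ET.fromstring(response_bytes)
    _verify_reference(root)
    a = root.find(".//Assertion")  # BUG: position-based lookup, not the verified object
    return a.findtext("Subject"), a.findtext("Role")


def strict_consume(response_bytes):
    """Hardened: exactly one Assertion, as a direct child of Response, and the
    claims come only from the very element object the signature covered."""
    root = ET.fromstring(response_bytes)
    direct = root.findall("Assertion")
    if len(direct) != 1 or root.findall(".//Assertion") != direct:
        raise ValueError("unexpected assertion layout")
    signed = _verify_reference(root)
    if signed is not direct[0]:
        raise ValueError("signature does not cover the assertion in use")
    return signed.findtext("Subject"), signed.findtext("Role")


def accepts(consumer, response_bytes):
    """True if the consumer yields claims, False if it rejects the document."""
    try:
        consumer(response_bytes)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    legit = idp_response("alice", "user")
    forged = wrap(legit, "mallory", "site-admin")
    print("naive :", naive_consume(forged))           # attacker's claims, signature valid
    print("strict:", accepts(strict_consume, forged))  # rejected
```

The forged document passes the signature check in both consumers; only the strict one notices that the element it is about to trust is not the one that was signed. Real validators need the same discipline on top of proper XML-DSig processing: resolve the `Reference` to one element, canonicalise and verify that subtree, reject documents with more than one assertion, and never locate the assertion by XPath position after verification.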
cve-2024-5817
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:25
Severity ?
EPSS score ?
Summary
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.10.0 ≤ 3.10.13; 3.11.0 ≤ 3.11.11; 3.12.0 ≤ 3.12.5; 3.13 ≤ 3.13.0; 3.9.0 ≤ 3.9.16
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5817", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T19:30:47.419487Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T19:31:17.566Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:02.832Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": 
"affected", "version": "3.13", "versionType": "semver" }, { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: transparent;\"\u003eAn Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e" } ], "value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. This was only exploitable in internal repositories and required the attacker to have access to the corresponding project board. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-114", "descriptions": [ { "lang": "en", "value": "CAPEC-114 Authentication Abuse" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:27:03.820Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "source": { "discovery": "UNKNOWN" }, "title": "Improper authorization allows read access to issue content in GitHub Enterprise Server", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": 
"CVE-2024-5817", "datePublished": "2024-07-16T21:27:03.820Z", "dateReserved": "2024-06-10T20:16:49.004Z", "dateUpdated": "2024-08-01T21:25:02.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
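The records on this page encode affected ranges in two shapes: older entries use `versionType: custom` with a branch start such as `3.6` and an exclusive `lessThan`, newer ones use `semver` with an inclusive `lessThanOrEqual` (and, in CVE-2024-5817, a two-component start version `3.13`). The following is an added Python checker, not part of the page or of any GitHub tooling, that evaluates an installed GHES version (for example the `installed_version` value from the instance's `GET /api/v3/meta`, passed in here as a string) against the `affected[].versions[]` entries of cvelistv5 records. The two sample records are constructed from the CNA containers reproduced above, trimmed to the fields the checker reads. The `changes` array is ignored because the upper bound already encodes the fix version; entries for branches that are not listed at all (for CVE-2022-46257, anything on 3.2 or earlier, although the description says all versions prior to 3.7 were affected) are reported as `not_listed` rather than as fixed.

```python
"""Check an installed GHES version against cvelistv5 affected-version ranges."""


def parse_version(s):
    """'3.6.4' -> ((3, 6, 4), 1, ()); '3.0.0.rc1' -> ((3, 0, 0), 0, ('rc1',)).
    A pre-release tag sorts below the bare release it precedes, and a short
    start such as '3.13' sorts below every '3.13.x'."""
    nums, tags = [], []
    for part in s.split("."):
        if part.isdigit() and not tags:
            nums.append(int(part))
        else:
            tags.append(part)
    return (tuple(nums), 0 if tags else 1, tuple(tags))


def in_range(v, entry):
    """True if parsed version v falls inside one cvelistv5 version entry."""
    lo = parse_version(entry["version"])
    if "lessThan" in entry:               # exclusive upper bound (versionType custom)
        return lo <= v < parse_version(entry["lessThan"])
    if "lessThanOrEqual" in entry:        # inclusive upper bound (versionType semver)
        return lo <= v <= parse_version(entry["lessThanOrEqual"])
    return v == lo                        # no upper bound: the entry names one version


def affected_entries(record):
    for product in record["containers"]["cna"]["affected"]:
        for entry in product["versions"]:
            if entry.get("status") == "affected":
                yield entry


def status(installed, record):
    """'affected', 'fixed' (same branch, at or past the fix) or 'not_listed'
    (no entry covers the installed major.minor branch at all)."""
    v = parse_version(installed)
    branch = v[0][:2]
    branch_listed = False
    for entry in affected_entries(record):
        if in_range(v, entry):
            return "affected"
        if parse_version(entry["version"])[0][:2] == branch:
            branch_listed = True
    return "fixed" if branch_listed else "not_listed"


def report(installed, records):
    return {r["cveMetadata"]["cveId"]: status(installed, r) for r in records}


# Constructed sample records, copied from the CNA containers on this page and
# trimmed to the fields the checker reads.
CVE_2022_46257 = {
    "cveMetadata": {"cveId": "CVE-2022-46257"},
    "containers": {"cna": {"affected": [{"product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [
        {"lessThan": "3.3.17", "status": "affected", "version": "3.3", "versionType": "custom"},
        {"lessThan": "3.4.12", "status": "affected", "version": "3.4", "versionType": "custom"},
        {"lessThan": "3.5.9", "status": "affected", "version": "3.5", "versionType": "custom"},
        {"lessThan": "3.6.5", "status": "affected", "version": "3.6", "versionType": "custom"},
    ]}]}},
}
CVE_2024_5817 = {
    "cveMetadata": {"cveId": "CVE-2024-5817"},
    "containers": {"cna": {"affected": [{"product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [
        {"lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver"},
        {"lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver"},
        {"lessThanOrEqual": "3.12.5", "status": "affected", "version": "3.12.0", "versionType": "semver"},
        {"lessThanOrEqual": "3.13.0", "status": "affected", "version": "3.13", "versionType": "semver"},
        {"lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver"},
    ]}]}},
}

if __name__ == "__main__":
    for v in ("3.6.4", "3.6.5", "3.13.0", "3.13.1", "3.2.20"):
        print(v, report(v, [CVE_2022_46257, CVE_2024_5817]))
```

Treat `not_listed` as "check the advisory text", not as "unaffected": CNA records usually list only the branches that were still supported when the fix shipped, so an instance on an older branch is typically both affected and without a fix, and the right action is to upgrade.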
cve-2022-23741
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.3 < 3.3.17; 3.4 < 3.4.12; 3.5 < 3.5.9; 3.6 < 3.6.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.3.17", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.12", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.9", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.5", "status": "affected", "version": "3.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Vaibhav Singh (@vaib25vicky)" } ], "descriptions": [ { "lang": "en", "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-14T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5" } ], "source": { "discovery": "EXTERNAL" }, "title": "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23741", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23733
Vulnerability from cvelistv5
Published
2022-08-02 16:05
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6, and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.3 < 3.3.11; 3.4 < 3.4.6; 3.5 < 3.5.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.3.11", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.6", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.3", "status": "affected", "version": "3.5", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "None" } ], "descriptions": [ { "lang": "en", "value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github\u0027s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS) - Stored", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-02T16:05:14", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3" } ], "source": { "discovery": "EXTERNAL" }, "title": "Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2022-23733", "STATE": "PUBLIC", "TITLE": "Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.3", "version_value": "3.3.11" }, { "version_affected": "\u003c", "version_name": "3.4", "version_value": "3.4.6" }, { "version_affected": "\u003c", "version_name": "3.5", "version_value": "3.5.3" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "None" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github\u0027s Content Security Policy (CSP). 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS) - Stored" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11" }, { "name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6" }, { "name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23733", "datePublished": "2022-08-02T16:05:14", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22862
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or to another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent to a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.0 < 3.0.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.1", "status": "affected", "version": "3.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Teddy Katz" } ], "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-03T03:25:22", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1" } ], "source": { "discovery": "EXTERNAL" }, "title": "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22862", "STATE": "PUBLIC", "TITLE": "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.1" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "Teddy Katz" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. 
This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22862", "datePublished": "2021-03-03T03:25:22", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23732
Vulnerability from cvelistv5
Published
2022-04-05 00:10
Modified
2024-08-03 03:51
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.1 < 3.1.19; 3.2 < 3.2.11; 3.3 < 3.3.6; 3.4 < 3.4.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.1.19", "status": "affected", "version": "3.1", "versionType": "custom" }, { "lessThan": "3.2.11", "status": "affected", "version": "3.2", "versionType": "custom" }, { "lessThan": "3.3.6", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.1", "status": "affected", "version": "3.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "bitquark" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23, CWE-352", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-05T00:10:11", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1" } ], "source": { "discovery": "INTERNAL" }, "title": "Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2022-23732", "STATE": "PUBLIC", "TITLE": "Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.19" }, { "version_affected": "\u003c", "version_name": "3.2", "version_value": "3.2.11" }, { "version_affected": "\u003c", "version_name": "3.3", "version_value": "3.3.6" }, { "version_affected": "\u003c", "version_name": "3.4", "version_value": "3.4.1" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "bitquark" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the 
bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-23, CWE-352" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.19", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.19" }, { "name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.11", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.11" }, { "name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.6", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.6" }, { "name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.1", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.1" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23732", "datePublished": "2022-04-05T00:10:11", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22870
Vulnerability from cvelistv5
Published
2021-11-10 01:55
Modified
2024-08-03 18:51
Summary
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.0 < 3.0.19; 3.1 < 3.1.11; 3.2 < 3.2.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.19", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "3.1.11", "status": "affected", "version": "3.1", "versionType": "custom" }, { "lessThan": "3.2.3", "status": "affected", "version": "3.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-10T01:55:11", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3" } ], "source": { "discovery": "EXTERNAL" }, "title": "Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22870", "STATE": "PUBLIC", "TITLE": "Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.19" }, { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.11" }, { "version_affected": "\u003c", "version_name": "3.2", "version_value": "3.2.3" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "yvvdwf" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-23" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.19", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.19" }, { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.11", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.11" }, { "name": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.3", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.3" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22870", "datePublished": "2021-11-10T01:55:11", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46256
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.3 < 3.3.17; 3.4 < 3.4.12; 3.5 < 3.5.9; 3.6 < 3.6.5; 3.7 < 3.7.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:44.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.3.17", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.12", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.9", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.5", "status": "affected", "version": "3.6", "versionType": "custom" }, { "lessThan": "3.7.2", "status": "affected", "version": "3.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-14T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5" }, { "url": "https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.2" } ], "source": { "discovery": "EXTERNAL" }, "title": "Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-46256", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:31:44.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23738
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 03:51
Summary
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.2 < 3.2.20; 3.3 < 3.3.15; 3.4 < 3.4.10; 3.5 < 3.5.7; 3.6 < 3.6.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:46.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.2.20", "status": "affected", "version": "3.2", "versionType": "custom" }, { "lessThan": "3.3.15", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.10", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.7", "status": "affected", "version": "3.5", "versionType": "custom" }, { "lessThan": "3.6.3", "status": "affected", "version": "3.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "value": "An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. 
This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20" }, { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7" }, { "url": "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3" } ], "source": { "discovery": "EXTERNAL" }, "title": "Incomplete cache verification issue in GitHub Enterprise Server leading to exposure of private repo files" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23738", "datePublished": "2022-11-01T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6336
Vulnerability from cvelistv5
Published
2024-07-16 21:27
Modified
2024-08-01 21:33
Summary
A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ 3.9.16; 3.10.0 ≤ 3.10.13; 3.11.0 ≤ 3.11.11; 3.12.0 ≤ 3.12.5; 3.13 ≤ 3.13.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6336", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T15:38:56.968094Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T15:39:07.466Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": "affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": 
"affected", "version": "3.13", "versionType": "semver" }, { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Omar El Latif" }, { "lang": "en", "type": "finder", "value": "Giovanni Guido" }, { "lang": "en", "type": "finder", "value": "Antonio Francesco Sardella" }, { "lang": "en", "type": "finder", "value": "Andrea Valenza" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: transparent;\"\u003eA Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A Security Misconfiguration vulnerability in GitHub Enterprise Server allowed sensitive information disclosure to unauthorized users in GitHub Enterprise Server by exploiting organization ruleset feature. This attack required an organization member to explicitly change the visibility of a dependent repository from private to public. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-212", "descriptions": [ { "lang": "en", "value": "CAPEC-212 Functionality Misuse" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:N/R:U/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:27:07.393Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.15" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17" } ], "source": { "discovery": "UNKNOWN" }, "title": "Security misconfiguration was identified in GitHub Enterprise Server that allowed sensitive data exposure", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", 
"assignerShortName": "GitHub_P", "cveId": "CVE-2024-6336", "datePublished": "2024-07-16T21:27:07.393Z", "dateReserved": "2024-06-25T20:18:21.890Z", "dateUpdated": "2024-08-01T21:33:05.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22868
Vulnerability from cvelistv5
Published
2021-09-24 17:50
Modified
2024-08-03 18:51
Summary
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.22 < 2.22.22; 3.0 < 3.0.16; 3.1 < 3.1.8
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "2.22.22", "status": "affected", "version": "2.22", "versionType": "custom" }, { "lessThan": "3.0.16", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "3.1.8", "status": "affected", "version": "3.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "yvvdwf" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Command Injection - Generic", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-24T17:50:16", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22868", "STATE": "PUBLIC", "TITLE": "Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.22" }, { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.16" }, { "version_affected": "\u003c", "version_name": "3.1", "version_value": "3.1.8" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "yvvdwf" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. 
User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-77: Command Injection - Generic" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.16" }, { "name": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.8" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.22", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.22" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22868", "datePublished": "2021-09-24T17:50:16", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5815
Vulnerability from cvelistv5
Published
2024-07-16 21:26
Modified
2024-08-01 21:25
Summary
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker's fork of their own repository. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.9.0 ≤ 3.9.16; 3.10.0 ≤ 3.10.13; 3.11.0 ≤ 3.11.11; 3.12.0 ≤ 3.12.5; 3.13 ≤ 3.13.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5815", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T20:44:57.534814Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T20:48:10.911Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:02.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "changes": [ { "at": "3.9.17", "status": "unaffected" } ], "lessThanOrEqual": "3.9.16", "status": "affected", "version": "3.9.0", "versionType": "semver" }, { "changes": [ { "at": "3.10.14", "status": "unaffected" } ], "lessThanOrEqual": "3.10.13", "status": "affected", "version": "3.10.0", "versionType": "semver" }, { "changes": [ { "at": "3.11.12", "status": "unaffected" } ], "lessThanOrEqual": "3.11.11", "status": "affected", "version": "3.11.0", "versionType": "semver" }, { "changes": [ { "at": "3.12.6", "status": "unaffected" } ], "lessThanOrEqual": "3.12.5", "status": 
"affected", "version": "3.12.0", "versionType": "semver" }, { "changes": [ { "at": "3.13.1", "status": "unaffected" } ], "lessThanOrEqual": "3.13.0", "status": "affected", "version": "3.13", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ahacker1" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: transparent;\"\u003eA Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker\u0027s fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\n\n\n This vulnerability was reported via the GitHub Bug Bounty program.\u003c/span\u003e\u003cbr\u003e" } ], "value": "A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit a tag in the attacker\u0027s fork of their own repository. vulnerability affected all versions of GitHub Enterprise Server prior 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\n\n\n This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "impacts": [ { "capecId": "CAPEC-62", "descriptions": [ { "lang": "en", "value": "CAPEC-62 Cross Site Request Forgery" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/S:N/AU:N/R:U/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T21:26:57.404Z", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.9.17" }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.10.14" }, { "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.11.12" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.12.6" }, { "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1" } ], "source": { "discovery": "UNKNOWN" }, "title": "Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", 
"assignerShortName": "GitHub_P", "cveId": "CVE-2024-5815", "datePublished": "2024-07-16T21:26:57.404Z", "dateReserved": "2024-06-10T20:08:13.175Z", "dateUpdated": "2024-08-01T21:25:02.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23734
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 03:51
Summary
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.2 < 3.2.16; 3.3 < 3.3.11; 3.4 < 3.4.6; 3.5 < 3.5.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3" }, { "tags": [ "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.2.16", "status": "affected", "version": "3.2", "versionType": "custom" }, { "lessThan": "3.3.11", "status": "affected", "version": "3.3", "versionType": "custom" }, { "lessThan": "3.4.6", "status": "affected", "version": "3.4", "versionType": "custom" }, { "lessThan": "3.5.3", "status": "affected", "version": "3.5", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Alex Chapman" } ], "descriptions": [ { "lang": "en", "value": "A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502\tDeserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-19T00:00:00", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "url": "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11" }, { "url": "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6" }, { "url": "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3" }, { "url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16" } ], "source": { "discovery": "EXTERNAL" }, "title": "Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution" } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2022-23734", "datePublished": "2022-10-19T00:00:00", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-22866
Vulnerability from cvelistv5
Published
2021-05-14 21:10
Modified
2024-08-03 18:51
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 3.0 < 3.0.7; 2.22 < 2.22.13
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:51:07.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GitHub Enterprise Server", "vendor": "GitHub", "versions": [ { "lessThan": "3.0.7", "status": "affected", "version": "3.0", "versionType": "custom" }, { "lessThan": "2.22.13", "status": "affected", "version": "2.22", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Vaibhav Singh (vaib25vicky)" } ], "descriptions": [ { "lang": "en", "value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-14T21:10:12", "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.13" } ], "source": { "discovery": "EXTERNAL" }, "title": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-cna@github.com", "ID": "CVE-2021-22866", "STATE": "PUBLIC", "TITLE": "UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GitHub Enterprise Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "3.0", "version_value": "3.0.7" }, { "version_affected": "\u003c", "version_name": "2.22", "version_value": "2.22.13" } ] } } ] }, "vendor_name": "GitHub" } ] } }, "credit": [ { "lang": "eng", "value": "Vaibhav Singh (vaib25vicky)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App\u0027s user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. 
All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.7", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.7" }, { "name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.13", "refsource": "MISC", "url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.13" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "assignerShortName": "GitHub_P", "cveId": "CVE-2021-22866", "datePublished": "2021-05-14T21:10:12", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:51:07.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }