Vulnerabilities related to github - github
cve-2020-10517
Vulnerability from cvelistv5
Published
2020-08-27 21:55
Modified
2024-08-04 11:06
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://enterprise.github.com/releases/2.19.21/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.20.15/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.21.6/notes | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.21 (< 2.21.6)
GitHub | GitHub Enterprise Server | 2.20 (< 2.20.15)
GitHub | GitHub Enterprise Server | 2.19 (< 2.19.21)
Record details
Field | Value
---|---
CVE ID | CVE-2020-10517
Title | Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names
Problem type | CWE-285: Improper Authorization
Credit | William Bowling
Discovery | EXTERNAL
Assigner | GitHub_P (product-cna@github.com)
Reserved | 2020-03-12
State | PUBLISHED
cve-2021-22863
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24 | x_refsource_MISC
https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15 | x_refsource_MISC
https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7 | x_refsource_MISC
https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.20 (< 2.20.24)
GitHub | GitHub Enterprise Server | 2.21 (< 2.21.15)
GitHub | GitHub Enterprise Server | 2.22 (< 2.22.7)
GitHub | GitHub Enterprise Server | 3.0 (< 3.0.1)
Record details
Field | Value
---|---
CVE ID | CVE-2021-22863
Title | Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
Problem type | CWE-285: Improper Authorization
Credit | Teddy Katz
Discovery | EXTERNAL
Assigner | GitHub_P (product-cna@github.com)
Reserved | 2021-01-06
State | PUBLISHED
cve-2020-10516
Vulnerability from cvelistv5
Published
2020-06-03 13:31
Modified
2024-08-04 11:06
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://enterprise.github.com/releases/2.20.9/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.19.15/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.18.20/notes | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.20 (< 2.20.9)
GitHub | GitHub Enterprise Server | 2.19 (< 2.19.15)
GitHub | GitHub Enterprise Server | 2.18 (< 2.18.20)
Record details
Field | Value
---|---
CVE ID | CVE-2020-10516
Title | Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member
Problem type | CWE-285: Improper Authorization
Credit | Vaibhav Singh
Discovery | EXTERNAL
Assigner | GitHub_P (product-cna@github.com)
Reserved | 2020-03-12
State | PUBLISHED
cve-2017-18365
Vulnerability from cvelistv5
Published
2019-03-28 05:23
Modified
2024-08-05 21:20
Summary
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
References
URL | Tags
---|---
https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html | x_refsource_MISC
https://enterprise.github.com/releases/2.8.7/notes | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
n/a | n/a | n/a (the record does not enumerate affected products; the summary names GitHub Enterprise 2.8.x before 2.8.7)
Record details
Field | Value
---|---
CVE ID | CVE-2017-18365
Problem type | n/a
Assigner | mitre (cve@mitre.org)
Reserved | 2019-03-28
State | PUBLISHED
cve-2021-22861
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24 | x_refsource_MISC
https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15 | x_refsource_MISC
https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7 | x_refsource_MISC
https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.20 (< 2.20.24)
GitHub | GitHub Enterprise Server | 2.21 (< 2.21.15)
GitHub | GitHub Enterprise Server | 2.22 (< 2.22.7)
GitHub | GitHub Enterprise Server | 3.0 (< 3.0.1)
Record details
Field | Value
---|---
CVE ID | CVE-2021-22861
Title | Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories
Problem type | CWE-285: Improper Authorization
Credit | Teddy Katz
Discovery | EXTERNAL
Assigner | GitHub_P (product-cna@github.com)
Reserved | 2021-01-06
State | PUBLISHED
cve-2021-22862
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent to a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.
References
▼ | URL | Tags |
---|---|---|
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:51:07.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GitHub Enterprise Server", vendor: "GitHub", versions: [ { lessThan: "3.0.1", status: "affected", version: "3.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Teddy Katz", }, ], descriptions: [ { lang: "en", value: "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. 
This vulnerability was reported via the GitHub Bug Bounty program.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285: Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-03T03:25:22", orgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", shortName: "GitHub_P", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, ], source: { discovery: "EXTERNAL", }, title: "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "product-cna@github.com", ID: "CVE-2021-22862", STATE: "PUBLIC", TITLE: "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GitHub Enterprise Server", version: { version_data: [ { version_affected: "<", version_name: "3.0", version_value: "3.0.1", }, ], }, }, ], }, vendor_name: "GitHub", }, ], }, }, credit: [ { lang: "eng", value: "Teddy Katz", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. 
This vulnerability was reported via the GitHub Bug Bounty program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-285: Improper Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1", refsource: "MISC", url: "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", assignerShortName: "GitHub_P", cveId: "CVE-2021-22862", datePublished: "2021-03-03T03:25:22", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:51:07.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2055
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-08-06 19:17
Summary
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
References
URL | Tags
---|---
http://homakov.blogspot.com/2012/03/how-to.html | x_refsource_MISC
http://lwn.net/Articles/488702/ | x_refsource_MISC
https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 | vdb-entry, x_refsource_XF
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:17:27.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://homakov.blogspot.com/2012/03/how-to.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lwn.net/Articles/488702/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation", }, { name: "github-hash-security-bypass(74812)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-04T00:00:00", descriptions: [ { lang: "en", value: "GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a \"mass assignment\" vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-19T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://homakov.blogspot.com/2012/03/how-to.html", }, { tags: [ "x_refsource_MISC", ], url: "http://lwn.net/Articles/488702/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation", }, { name: "github-hash-security-bypass(74812)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-2055", STATE: 
"PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a \"mass assignment\" vulnerability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://homakov.blogspot.com/2012/03/how-to.html", refsource: "MISC", url: "http://homakov.blogspot.com/2012/03/how-to.html", }, { name: "http://lwn.net/Articles/488702/", refsource: "MISC", url: "http://lwn.net/Articles/488702/", }, { name: "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation", refsource: "CONFIRM", url: "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation", }, { name: "github-hash-security-bypass(74812)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-2055", datePublished: "2012-04-04T10:00:00", dateReserved: "2012-04-04T00:00:00", dateUpdated: "2024-08-06T19:17:27.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
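The 2012 record is the classic Rails mass-assignment case: the public-key update form's hash was copied onto the model attribute by attribute, so an extra public_key[user_id] parameter in the request re-parented the key onto another account. The Ruby below is an added example, not GitHub's or Rails' code: a dependency-free model of that pattern with the unprotected setter loop beside the allow-listed one (the role attr_accessible played in Rails 3 and strong parameters play from Rails 4), starting from the raw form body so the injected parameter is visible. The model, ids and request body are constructed.

```ruby
# Added example, not GitHub's or Rails' code: a model of Rails-style mass
# assignment, the pattern behind CVE-2012-2055. All data is constructed.

require "uri"

class PublicKey
  attr_accessor :id, :user_id, :title, :key

  # Attributes the "edit public key" form is meant to change. user_id is
  # deliberately absent: ownership is fixed at creation and is never a
  # form field.
  PERMITTED = %w[title key].freeze

  def initialize(id:, user_id:, title:, key:)
    @id, @user_id, @title, @key = id, user_id, title, key
  end

  # Vulnerable: every key in the hash becomes a setter call. This is what an
  # unprotected update_attributes(params[:public_key]) did.
  def update_attributes_unprotected(attrs)
    attrs.each { |name, value| public_send("#{name}=", value) }
    self
  end

  # Fixed: unknown attributes are dropped and reported. A strict setup would
  # raise instead; either way user_id never reaches the setter.
  def update_attributes(attrs)
    rejected = attrs.keys.map(&:to_s) - PERMITTED
    warn "unpermitted attributes ignored: #{rejected.join(', ')}" unless rejected.empty?
    attrs.each do |name, value|
      next unless PERMITTED.include?(name.to_s)
      public_send("#{name}=", value)
    end
    self
  end
end

# Turns the application/x-www-form-urlencoded body a browser (or curl) sends
# into the nested hash a Rails controller sees as params, so the example
# starts from the raw request rather than from already-parsed data.
def parse_form(body)
  body.split("&").each_with_object({}) do |pair, params|
    next if pair.empty?
    key, value = pair.split("=", 2).map { |s| URI.decode_www_form_component(s) }
    if (m = key.match(/\A(\w+)\[(\w+)\]\z/))
      (params[m[1]] ||= {})[m[2]] = value
    else
      params[key] = value
    end
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed request: the honest fields plus an injected user_id.
  body = "public_key[title]=laptop&public_key[key]=ssh-rsa+AAAA&public_key[user_id]=1"
  attrs = parse_form(body)["public_key"]
  stolen = PublicKey.new(id: 10, user_id: 42, title: "old", key: "ssh-rsa OLD")
  stolen.update_attributes_unprotected(attrs)
  puts "unprotected: key 10 now belongs to user #{stolen.user_id}"
  safe = PublicKey.new(id: 10, user_id: 42, title: "old", key: "ssh-rsa OLD")
  safe.update_attributes(attrs)
  puts "protected:   key 10 still belongs to user #{safe.user_id}"
end
```

The allow-list lives next to the model, not in the controller, because every write path (web form, API, console import) must share it; a filter applied in one controller action is exactly what the 2012 report showed to be bypassable by posting to a different form.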
cve-2020-10519
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-04 11:06
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
References
URL | Tags
---|---
https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15 | x_refsource_MISC
https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.20 < 2.20.24; 2.21 < 2.21.15; 2.22 < 2.22.7
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:09.542Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GitHub Enterprise Server", vendor: "GitHub", versions: [ { lessThan: "2.20.24", status: "affected", version: "2.20", versionType: "custom", }, { lessThan: "2.21.15", status: "affected", version: "2.21", versionType: "custom", }, { lessThan: "2.22.7", status: "affected", version: "2.22", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "yvvdwf", }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. 
The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Command Injection - Generic", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-03T03:25:21", orgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", shortName: "GitHub_P", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, ], source: { discovery: "EXTERNAL", }, title: "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "product-cna@github.com", ID: "CVE-2020-10519", STATE: "PUBLIC", TITLE: "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GitHub Enterprise Server", version: { version_data: [ { version_affected: "<", version_name: "2.20", version_value: "2.20.24", }, { version_affected: "<", version_name: "2.21", version_value: "2.21.15", }, { version_affected: "<", version_name: "2.22", version_value: "2.22.7", }, ], }, }, ], }, vendor_name: "GitHub", }, ], }, }, credit: [ { lang: "eng", value: "yvvdwf", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. 
User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77: Command Injection - Generic", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24", refsource: "MISC", url: "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24", }, { name: "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15", refsource: "MISC", url: "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15", }, { name: "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7", refsource: "MISC", url: "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", assignerShortName: "GitHub_P", cveId: "CVE-2020-10519", datePublished: "2021-03-03T03:25:21", dateReserved: "2020-03-12T00:00:00", dateUpdated: "2024-08-04T11:06:09.542Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10518
Vulnerability from cvelistv5
Published
2020-08-27 21:55
Modified
2024-08-04 11:06
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
References
URL | Tags
---|---
https://enterprise.github.com/releases/2.19.21/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.20.15/notes | x_refsource_MISC
https://enterprise.github.com/releases/2.21.6/notes | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GitHub | GitHub Enterprise Server | 2.19 < 2.19.21; 2.20 < 2.20.15; 2.21 < 2.21.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:09.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://enterprise.github.com/releases/2.19.21/notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://enterprise.github.com/releases/2.20.15/notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://enterprise.github.com/releases/2.21.6/notes", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GitHub Enterprise Server", vendor: "GitHub", versions: [ { lessThan: "2.19.21", status: "affected", version: "2.19", versionType: "custom", }, { lessThan: "2.20.15", status: "affected", version: "2.20", versionType: "custom", }, { lessThan: "2.21.6", status: "affected", version: "2.21", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "William Bowling", }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. 
The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Command Injection - Generic", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-27T21:55:11", orgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", shortName: "GitHub_P", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://enterprise.github.com/releases/2.19.21/notes", }, { tags: [ "x_refsource_MISC", ], url: "https://enterprise.github.com/releases/2.20.15/notes", }, { tags: [ "x_refsource_MISC", ], url: "https://enterprise.github.com/releases/2.21.6/notes", }, ], source: { discovery: "EXTERNAL", }, title: "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "product-cna@github.com", ID: "CVE-2020-10518", STATE: "PUBLIC", TITLE: "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GitHub Enterprise Server", version: { version_data: [ { version_affected: "<", version_name: "2.19", version_value: "2.19.21", }, { version_affected: "<", version_name: "2.20", version_value: "2.20.15", }, { version_affected: "<", version_name: "2.21", version_value: "2.21.6", }, ], }, }, ], }, vendor_name: "GitHub", }, ], }, }, credit: [ { lang: "eng", value: "William Bowling", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. 
User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-77: Command Injection - Generic", }, ], }, ], }, references: { reference_data: [ { name: "https://enterprise.github.com/releases/2.19.21/notes", refsource: "MISC", url: "https://enterprise.github.com/releases/2.19.21/notes", }, { name: "https://enterprise.github.com/releases/2.20.15/notes", refsource: "MISC", url: "https://enterprise.github.com/releases/2.20.15/notes", }, { name: "https://enterprise.github.com/releases/2.21.6/notes", refsource: "MISC", url: "https://enterprise.github.com/releases/2.21.6/notes", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "82327ea3-741d-41e4-88f8-2cf9e791e760", assignerShortName: "GitHub_P", cveId: "CVE-2020-10518", datePublished: "2020-08-27T21:55:11", dateReserved: "2020-03-12T00:00:00", dateUpdated: "2024-08-04T11:06:09.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
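CVE-2020-10518 and CVE-2020-10519 share one root cause: the site's own configuration reached the options of the parsers that build it, and those options could name code rather than merely choose among settings. GitHub Pages builds sites with Jekyll, whose _config.yml is the user-controlled input here; which Jekyll or Kramdown options were involved is not stated in the records above and is not assumed below. The Ruby that follows is an added example serving both records, not Jekyll's or GitHub's code: a builder that merges the user's YAML straight into the parser options and resolves a class name from it, beside one that loads the YAML without object types, accepts only a closed set of keys with the expected value types, and maps names to implementations through a fixed table. The option names and back-end classes are constructed.

```ruby
# Added example, not Jekyll's or GitHub Enterprise Server code: the bug class
# behind CVE-2020-10518/-10519, unsafe user-controlled parser configuration.
# Option names and the two back-end classes are constructed.

require "yaml"

# Constructed stand-ins for pluggable back ends a site builder may use.
module Highlighters
  class Rouge
    def render(src); "<pre class=\"highlight\">#{src}</pre>"; end
  end
  class Plain
    def render(src); "<pre>#{src}</pre>"; end
  end
end

DEFAULTS = {
  "highlighter"  => "Highlighters::Rouge",
  "line_numbers" => false,
  "max_nesting"  => 20,
}.freeze

# Vulnerable shape: every key from the site's config lands in the parser
# options unchanged, and the highlighter name is resolved against the whole
# process, so "Kernel", "File" or "Process" are as acceptable as the two
# intended classes. What that buys an attacker depends on what the builder
# does with the object next; the point is that the choice was theirs.
def vulnerable_options(config_yaml)
  user = YAML.safe_load(config_yaml) || {}
  opts = DEFAULTS.merge(user)
  opts.merge("highlighter" => Object.const_get(opts["highlighter"]))
end

# Hardened shape: a closed schema for keys and value types, and a fixed table
# from names to implementations, so the config can pick *which* supported
# back end runs but can never name code of its own.
HIGHLIGHTERS = { "rouge" => Highlighters::Rouge, "plain" => Highlighters::Plain }.freeze
SCHEMA = {
  "highlighter"  => [String],
  "line_numbers" => [TrueClass, FalseClass],
  "max_nesting"  => [Integer],
}.freeze

def hardened_options(config_yaml)
  user = YAML.safe_load(config_yaml) || {}
  raise ArgumentError, "config must be a mapping" unless user.is_a?(Hash)
  opts = { "highlighter" => "rouge", "line_numbers" => false, "max_nesting" => 20 }
  user.each do |key, value|
    types = SCHEMA[key] or raise ArgumentError, "unknown option #{key.inspect}"
    unless types.any? { |t| value.is_a?(t) }
      raise ArgumentError, "option #{key} must be #{types.join(' or ')}, got #{value.inspect}"
    end
    opts[key] = value
  end
  impl = HIGHLIGHTERS[opts["highlighter"]] or
    raise ArgumentError, "unknown highlighter #{opts["highlighter"].inspect}"
  opts.merge("highlighter" => impl)
end

# The build step that consumes the resolved options.
def render_code(src, opts)
  opts["highlighter"].new.render(src)
end

if $PROGRAM_NAME == __FILE__
  # Constructed _config.yml fragments.
  p vulnerable_options("highlighter: Kernel")["highlighter"]   # Kernel
  puts render_code("x = 1", hardened_options("highlighter: plain"))
  begin
    hardened_options("highlighter: Kernel")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Two points carry over to any plugin-style parser: resolving implementation names with a lookup table rather than constant or file lookup is what makes "unknown highlighter" a clean rejection instead of arbitrary code, and validating the value types (the Integer check on max_nesting) stops a string from reaching an option that is later interpolated into a command or a require path.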
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 05:50
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "672A9206-E6DA-4137-8AB2-A047F700902A", versionEndExcluding: "2.20.24", versionStartIncluding: "2.12.22", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "33F7B688-318D-452D-A804-49984D527FDA", versionEndExcluding: "2.21.15", versionStartIncluding: "2.21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "5333B472-BF06-4427-9344-72CD5B2429CD", versionEndExcluding: "2.22.7", versionStartIncluding: "2.22.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:*:*:*:*", matchCriteriaId: "6929FFB5-AC83-412F-A6FF-0593F64A0688", versionEndExcluding: "3.0.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. 
This vulnerability was reported via the GitHub Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de control de acceso inadecuada en la API GraphQL de GitHub Enterprise Server que permitía a los usuarios autenticados de la instancia modificar el permiso de colaboración del mantenedor de un pull request sin la autorización adecuada. Al explotar esta vulnerabilidad, un atacante podría obtener acceso a las ramas principales de los pull requests abiertos en los repositorios de los que es mantenedor. La bifurcación está deshabilitada por defecto para los repositorios privados propiedad de la organización y evitaría esta vulnerabilidad. Además, las protecciones de las ramas, como las revisiones requeridas de las solicitudes de extracción o las comprobaciones de estado, impedirían que los commits no autorizados se fusionaran sin más revisión o validación. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server desde la versión 2.12.22 y fue corregida en las versiones 2.20.24, 2.21.15, 2.22.7 y 3.0.1. 
Esta vulnerabilidad fue reportada a través del programa GitHub Bug Bounty", }, ], id: "CVE-2021-22863", lastModified: "2024-11-21T05:50:47.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-03T04:15:13.240", references: [ { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
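The GraphQL record above is a field-level authorization bug with an inverted beneficiary: the "allow edits from maintainers" flag on a pull request grants the base repository's maintainers push access to the head branch, which lives in the contributor's fork, so the only principals entitled to grant it are those who already control that branch. The Ruby below is an added example, not GitHub Enterprise Server code, modelling the mutation with a visibility-only check beside one that requires control of the head branch, plus the consequence the record describes (the base maintainer gaining push to the head branch). Users, repositories and permissions are constructed; the "author or push access to the head repository" rule is the model's, chosen to match the flag's effect.

```ruby
# Added example, not GitHub Enterprise Server code: the authorization rule
# that CVE-2021-22863 says the GraphQL mutation skipped. All data is
# constructed.

# repo full name => { user => highest permission }
PERMS = {
  "acme/app" => { "alice" => :admin, "bob" => :write, "carol" => :read },
  "dave/app" => { "dave"  => :admin },   # dave's fork of acme/app
}.freeze

def can_push?(user, repo)
  %i[write maintain admin].include?(PERMS.fetch(repo, {})[user])
end

# Vulnerable shape: the mutation checks that the viewer may see the pull
# request, then writes the field. Any base-repository collaborator (on a
# public repository, any authenticated user) can flip it, including the
# maintainers the flag is about to empower.
def vulnerable_set_maintainer_can_modify(viewer, pr, value)
  visible = pr[:public] || PERMS.fetch(pr[:base_repo], {}).key?(viewer)
  raise "not found" unless visible
  pr.merge(maintainer_can_modify: value)
end

# Hardened shape: the viewer must already control the head branch, i.e. be
# the author or have push access to the head repository. Base-repository
# permissions are irrelevant here because they are what the flag grants.
def hardened_set_maintainer_can_modify(viewer, pr, value)
  authorized = viewer == pr[:author] || can_push?(viewer, pr[:head_repo])
  raise "forbidden: only the head branch owner may change maintainer_can_modify" unless authorized
  pr.merge(maintainer_can_modify: value)
end

# What the flag grants: with it set, anyone who can push to the base
# repository may also push to the pull request's head branch.
def can_push_head_branch?(user, pr)
  can_push?(user, pr[:head_repo]) ||
    (pr[:maintainer_can_modify] && can_push?(user, pr[:base_repo]))
end

if $PROGRAM_NAME == __FILE__
  pr = { author: "dave", base_repo: "acme/app", head_repo: "dave/app",
         public: false, maintainer_can_modify: false }
  leaked = vulnerable_set_maintainer_can_modify("bob", pr, true)
  puts "vulnerable: bob can push dave's branch? #{can_push_head_branch?('bob', leaked)}"
  begin
    hardened_set_maintainer_can_modify("bob", pr, true)
  rescue RuntimeError => e
    puts "hardened:   #{e.message}"
  end
end
```

The record's two mitigations map onto this model directly: with forking disabled for private organization repositories there is no separate head repository for the flag to expose, and branch protection on the base repository limits what a maintainer who did gain the head branch could merge without review.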
Vulnerability from fkie_nvd
Published
2020-06-03 14:15
Modified
2024-11-21 04:55
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
References
Source | URL | Tags
---|---|---
product-cna@github.com | https://enterprise.github.com/releases/2.18.20/notes | Release Notes, Third Party Advisory
product-cna@github.com | https://enterprise.github.com/releases/2.19.15/notes | Release Notes, Third Party Advisory
product-cna@github.com | https://enterprise.github.com/releases/2.20.9/notes | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.18.20/notes | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.19.15/notes | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.20.9/notes | Release Notes, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "1D3E4C5E-345B-47A7-95DE-27FA144652F7", versionEndExcluding: "2.18.20", versionStartIncluding: "2.18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "3BB3EC19-93F9-4D28-8F30-9B659CB2F3E4", versionEndExcluding: "2.19.15", versionStartIncluding: "2.19.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "AE0B3224-DAA6-4EC5-B70D-4328F397511E", versionEndExcluding: "2.20.9", versionStartIncluding: "2.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de control de acceso inapropiado en la API de GitHub Enterprise Server, que permitió a un miembro de la organización escalar permisos y conseguir acceso a repositorios no autorizados dentro de una organización. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server anteriores a 2.21 y fue corregida en las versiones 2.20.9, 2.19.15 y 2.18.20. 
Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty.", }, ], id: "CVE-2020-10516", lastModified: "2024-11-21T04:55:31.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T14:15:12.377", references: [ { source: "product-cna@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://enterprise.github.com/releases/2.18.20/notes", }, { source: "product-cna@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://enterprise.github.com/releases/2.19.15/notes", }, { source: "product-cna@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://enterprise.github.com/releases/2.20.9/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://enterprise.github.com/releases/2.18.20/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://enterprise.github.com/releases/2.19.15/notes", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://enterprise.github.com/releases/2.20.9/notes", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-552", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-27 22:15
Modified
2024-11-21 04:55
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
References
Source | URL | Tags
---|---|---
product-cna@github.com | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory
product-cna@github.com | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory
product-cna@github.com | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B069227C-199F-48D2-8A3A-04FAC5BAF966", versionEndExcluding: "2.19.21", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "99A2F224-E3D3-4E27-B7ED-57E544A45A8C", versionEndExcluding: "2.20.15", versionStartIncluding: "2.20.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "330B13CF-E0E2-40C1-9A9F-F90A0D6E5A3C", versionEndExcluding: "2.21.6", versionStartIncluding: "2.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de ejecución de código remota en GitHub Enterprise Server que podría ser explotada al crear un sitio GitHub Pages. La configuración controlada por el usuario de los analizadores subyacentes usados por las páginas de GitHub no estaba lo suficientemente restringida y permitía ejecutar comandos en la instancia de GitHub Enterprise Server. 
Para explotar esta vulnerabilidad, un atacante necesitaría permiso para crear y construir un sitio GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server anteriores a la 2.22 y se corrigió en las versiones 2.21.6, 2.20.15 y 2.19.21. Los problemas subyacentes que contribuyen a esta vulnerabilidad se identificaron tanto internamente como por medio del programa GitHub Security Bug Bounty", }, ], id: "CVE-2020-10518", lastModified: "2024-11-21T04:55:31.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-27T22:15:09.833", references: [ { source: "product-cna@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.19.21/notes", }, { source: "product-cna@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.20.15/notes", }, { source: "product-cna@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: 
"https://enterprise.github.com/releases/2.21.6/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.19.21/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.20.15/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.21.6/notes", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-04-05 14:55
Modified
2024-11-21 01:38
Summary
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://homakov.blogspot.com/2012/03/how-to.html | Issue Tracking
cve@mitre.org | http://lwn.net/Articles/488702/ | Third Party Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 | Third Party Advisory, VDB Entry
cve@mitre.org | https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://homakov.blogspot.com/2012/03/how-to.html | Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 | http://lwn.net/Articles/488702/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation | Vendor Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "C0048D8D-869E-4A8F-BB33-7E603967222D", versionEndExcluding: "20120304", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a \"mass assignment\" vulnerability.", }, { lang: "es", value: "GitHub Enterprise antes de v20120304 no restringe debidamente el uso de un hash para proporcionar los valores para un modelo de atributos, lo que permite a atacantes remotos establecer el valor public_key [user_id] a través de una URL modificada para el formulario de actualización de clave pública. Se trata de un problema relacionado con una vulnerabilidad de \"asignación en masa\".", }, ], id: "CVE-2012-2055", lastModified: "2024-11-21T01:38:24.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 
3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2012-04-05T14:55:06.107", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "http://homakov.blogspot.com/2012/03/how-to.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lwn.net/Articles/488702/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "http://homakov.blogspot.com/2012/03/how-to.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lwn.net/Articles/488702/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-913", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 05:50
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization-owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "C6B741E9-F328-4CD0-B82C-A8A4E26A1894", versionEndExcluding: "2.20.24", versionStartIncluding: "2.4.21", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "33F7B688-318D-452D-A804-49984D527FDA", versionEndExcluding: "2.21.15", versionStartIncluding: "2.21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "5333B472-BF06-4427-9344-72CD5B2429CD", versionEndExcluding: "2.22.7", versionStartIncluding: "2.22.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:*:*:*:*", matchCriteriaId: "6929FFB5-AC83-412F-A6FF-0593F64A0688", versionEndExcluding: "3.0.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. 
This vulnerability was reported via the GitHub Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de control de acceso inadecuada en GitHub Enterprise Server que permitía a los usuarios autenticados de la instancia obtener acceso de escritura a repositorios no autorizados a través de solicitudes de extracción y solicitudes de API REST específicamente diseñadas. Un atacante tendría que ser capaz de bifurcar el repositorio objetivo, una configuración que está desactivada por defecto para los repositorios privados propiedad de la organización. Las protecciones de la rama, como las revisiones requeridas de las solicitudes de extracción o las comprobaciones de estado, evitarían que las confirmaciones no autorizadas se fusionaran sin una revisión o validación adicional. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server desde la versión 2.4.21 y fue corregida en las versiones 2.20.24, 2.21.15, 2.22.7 y 3.0.1. Esta vulnerabilidad fue reportada a través del programa GitHub Bug Bounty", }, ], id: "CVE-2021-22861", lastModified: "2024-11-21T05:50:47.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: 
"3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-03T04:15:13.070", references: [ { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-28 06:29
Modified
2024-11-21 03:19
Summary
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://enterprise.github.com/releases/2.8.7/notes | Vendor Advisory
cve@mitre.org | https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.8.7/notes | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html | Exploit, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "1CC784DE-8B67-4DEE-8F7A-76FF72FFA1E2", versionEndExcluding: "2.8.7", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:2.8.7:*:*:*:*:*:*:*", matchCriteriaId: "D710BF3A-560D-495E-A51A-E4484F7CC251", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.", }, { lang: "es", value: "La consola de gestión en GitHub Enterprise, en las versiones 2.8.x anteriores a la 2.8.7, tiene un fallo de deserialización que permite a los atacantes remotos sin autenticar ejecutar código arbitrario. Esto ocurre debido a que el secreto de sesión \"enterprise\" es siempre el mismo y puede encontrarse en el código fuente del producto. Al enviar una cookie manipulada firmada con este secreto, se puede llamar a Marshal.load con datos arbitrarios. 
Esto es problemático, ya que el formato de los datos Marshal permite los objetos Ruby.", }, ], id: "CVE-2017-18365", lastModified: "2024-11-21T03:19:56.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-28T06:29:00.267", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.8.7/notes", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.8.7/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-27 22:15
Modified
2024-11-21 04:55
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
Source | URL | Tags
---|---|---
product-cna@github.com | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory
product-cna@github.com | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory
product-cna@github.com | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B069227C-199F-48D2-8A3A-04FAC5BAF966", versionEndExcluding: "2.19.21", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "99A2F224-E3D3-4E27-B7ED-57E544A45A8C", versionEndExcluding: "2.20.15", versionStartIncluding: "2.20.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "330B13CF-E0E2-40C1-9A9F-F90A0D6E5A3C", versionEndExcluding: "2.21.6", versionStartIncluding: "2.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de control de acceso inapropiado en GitHub Enterprise Server que permitió a usuarios autenticados de la instancia determinar los nombres de los repositorios privados no autorizados dados sus ID numéricos. Esta vulnerabilidad no permitía el acceso no autorizado a ningún contenido del repositorio además del nombre. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server anteriores a la 2.22 y se corrigió en las versiones 2.21.6, 2.20.15 y 2.19.21. 
Esta vulnerabilidad se reportó por medio del programa GitHub Bug Bounty", }, ], id: "CVE-2020-10517", lastModified: "2024-11-21T04:55:31.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-27T22:15:09.770", references: [ { source: "product-cna@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.19.21/notes", }, { source: "product-cna@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.20.15/notes", }, { source: "product-cna@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.21.6/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.19.21/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.20.15/notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Release Notes", "Vendor Advisory", ], url: "https://enterprise.github.com/releases/2.21.6/notes", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 04:55
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "A88AD208-131B-470F-843F-D1BB274F5A3A", versionEndExcluding: "2.20.24", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "33F7B688-318D-452D-A804-49984D527FDA", versionEndExcluding: "2.21.15", versionStartIncluding: "2.21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "5333B472-BF06-4427-9344-72CD5B2429CD", versionEndExcluding: "2.22.7", versionStartIncluding: "2.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de ejecución de código remota en GitHub Enterprise Server que podía ser explotada al construir un sitio de GitHub Pages. La configuración controlada por el usuario de los analizadores subyacentes utilizados por GitHub Pages no estaba suficientemente restringida y permitía ejecutar comandos en la instancia de GitHub Enterprise Server. 
Para aprovechar esta vulnerabilidad, un atacante necesitaría permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a la 2.22.7 y fue corregida en las versiones 2.22.7, 2.21.15 y 2.20.24. Los problemas subyacentes que contribuyen a esta vulnerabilidad fueron identificados a través del programa GitHub Security Bug Bounty", }, ], id: "CVE-2020-10519", lastModified: "2024-11-21T04:55:31.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-03T04:15:12.773", references: [ { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 05:50
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent to a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server versions 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:github:github:3.0.0:-:*:*:*:*:*:*", matchCriteriaId: "61ABB5BF-C578-403B-8EF9-A28274F486FF", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:3.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "634A0A6C-0F17-4DE2-B2D1-C3B0C5C8EDD6", vulnerable: true, }, { criteria: "cpe:2.3:a:github:github:3.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "0FA74C51-5AB4-4B23-B24B-5629736B17E1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.", }, { lang: "es", value: "Se identificó una vulnerabilidad de control de acceso inadecuada en GitHub Enterprise Server que permitía a un usuario autenticado con la capacidad de bifurcar un repositorio revelar los secretos de las acciones para el repositorio padre de la bifurcación. Esta vulnerabilidad existía debido a un fallo que permitía actualizar la referencia base de un pull request para que apuntara a un SHA arbitrario o a otro pull request fuera del repositorio fork. Al establecer esta referencia incorrecta en un PR, las restricciones que limitan las Acciones secretas enviadas a un flujo de trabajo desde los forks podían ser eludidas. 
Esta vulnerabilidad afectaba a las versiones 3.0.0, 3.0.0.rc2 y 3.0.0.rc1 de GitHub Enterprise Server. Esta vulnerabilidad fue reportada a través del programa GitHub Bug Bounty", }, ], id: "CVE-2021-22862", lastModified: "2024-11-21T05:50:47.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-03T04:15:13.163", references: [ { source: "product-cna@github.com", url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1", }, ], sourceIdentifier: "product-cna@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "product-cna@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }