{"vulnerability": "CVE-2021-2286", "sightings": [{"uuid": "562b7e87-f2de-47a9-b830-b62f7ddc98cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22869", "type": "seen", "source": "https://t.me/cibsecurity/29403", "content": "\u203c CVE-2021-22869 \u203c\n\nAn improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-24T22:31:03.000000Z"}, {"uuid": "49aa46ef-69b9-48f9-8c4a-e138d7f43542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22862", "type": "published-proof-of-concept", "source": "https://t.me/cKure/4501", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 GitHub awards bug bounty hunter $25,000 for Actions secrets theft report.\n\nTracked as\u00a0CVE-2021-22862, the security flaw is described as an improper access control vulnerability that \u201callowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork\u201d.\n\nhttps://blog.teddykatz.com/2021/03/17/github-actions-write-access.html\n\nhttps://portswigger.net/daily-swig/github-awards-bug-bounty-hunter-25-000-for-actions-secrets-theft-report", "creation_timestamp": "2021-03-23T19:28:35.000000Z"}, {"uuid": "cd736e6d-5d62-4f3a-85cf-f2293b869c9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22867", "type": "seen", "source": "https://t.me/cibsecurity/29400", "content": "\u203c CVE-2021-22868 \u203c\n\nA path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-24T22:31:00.000000Z"}, {"uuid": "bc9dd7e3-f218-42fe-8d3e-c8a88de583ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22868", "type": "seen", "source": "https://t.me/cibsecurity/29400", "content": "\u203c CVE-2021-22868 \u203c\n\nA path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. This is the result of an incomplete fix for CVE-2021-22867.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-24T22:31:00.000000Z"}, {"uuid": "6c8b730d-8256-4288-a201-696a0a6fc910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22864", "type": "seen", "source": "https://t.me/cibsecurity/25365", "content": "\u203c CVE-2021-22864 \u203c\n\nA remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-24T01:38:44.000000Z"}, {"uuid": "5d3db0ef-9df5-40ac-bf42-41bf4c7e9b8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22867", "type": "seen", "source": "https://t.me/cibsecurity/26171", "content": "\u203c CVE-2021-22867 \u203c\n\nA path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-15T00:25:40.000000Z"}, {"uuid": "79916192-2b47-4d5e-8354-227a1e7d8de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-22862", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2976", "content": "#exploit\n1. Stealing arbitrary GitHub Actions secrets\nhttps://blog.teddykatz.com/2021/03/17/github-actions-write-access.html\n]-> PoC GitHub Actions workflow exploit (CVE-2021-22862):\nhttps://gist.github.com/not-an-aardvark/357547edf338f8fa9920bbcd286e3a7b\n\n2. CVE-2021-3409:\nQEMU <5.2.50 Heap Overflow in SDHCI Component\nhttps://starlabs.sg/advisories/21-3409", "creation_timestamp": "2022-07-04T20:59:21.000000Z"}]}