Vulnerabilites related to github - github
cve-2021-22863
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.20 < 2.20.24 Version: 2.21 < 2.21.15 Version: 2.22 < 2.22.7 Version: 3.0 < 3.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.20.24",
"status": "affected",
"version": "2.20",
"versionType": "custom"
},
{
"lessThan": "2.21.15",
"status": "affected",
"version": "2.21",
"versionType": "custom"
},
{
"lessThan": "2.22.7",
"status": "affected",
"version": "2.22",
"versionType": "custom"
},
{
"lessThan": "3.0.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Teddy Katz"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T03:25:23",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22863",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20",
"version_value": "2.20.24"
},
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.15"
},
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.7"
},
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Teddy Katz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22863",
"datePublished": "2021-03-03T03:25:23",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10518
Vulnerability from cvelistv5
Published
2020-08-27 21:55
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://enterprise.github.com/releases/2.19.21/notes | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.20.15/notes | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.21.6/notes | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.19 < 2.19.21 Version: 2.20 < 2.20.15 Version: 2.21 < 2.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.19.21",
"status": "affected",
"version": "2.19",
"versionType": "custom"
},
{
"lessThan": "2.20.15",
"status": "affected",
"version": "2.20",
"versionType": "custom"
},
{
"lessThan": "2.21.6",
"status": "affected",
"version": "2.21",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "William Bowling"
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T21:55:11",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10518",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.19",
"version_value": "2.19.21"
},
{
"version_affected": "\u003c",
"version_name": "2.20",
"version_value": "2.20.15"
},
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.6"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Bowling"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://enterprise.github.com/releases/2.19.21/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"name": "https://enterprise.github.com/releases/2.20.15/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"name": "https://enterprise.github.com/releases/2.21.6/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2020-10518",
"datePublished": "2020-08-27T21:55:11",
"dateReserved": "2020-03-12T00:00:00",
"dateUpdated": "2024-08-04T11:06:09.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10516
Vulnerability from cvelistv5
Published
2020-06-03 13:31
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://enterprise.github.com/releases/2.20.9/notes | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.19.15/notes | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.18.20/notes | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.20 < 2.20.9 Version: 2.19 < 2.19.15 Version: 2.18 < 2.18.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.20.9/notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.18.20/notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.20.9",
"status": "affected",
"version": "2.20",
"versionType": "custom"
},
{
"lessThan": "2.19.15",
"status": "affected",
"version": "2.19",
"versionType": "custom"
},
{
"lessThan": "2.18.20",
"status": "affected",
"version": "2.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaibhav Singh"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T13:31:24",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.20.9/notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.18.20/notes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10516",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20",
"version_value": "2.20.9"
},
{
"version_affected": "\u003c",
"version_name": "2.19",
"version_value": "2.19.15"
},
{
"version_affected": "\u003c",
"version_name": "2.18",
"version_value": "2.18.20"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaibhav Singh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://enterprise.github.com/releases/2.20.9/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.20.9/notes"
},
{
"name": "https://enterprise.github.com/releases/2.19.15/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"name": "https://enterprise.github.com/releases/2.18.20/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.18.20/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2020-10516",
"datePublished": "2020-06-03T13:31:24",
"dateReserved": "2020-03-12T00:00:00",
"dateUpdated": "2024-08-04T11:06:09.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10519
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15 | x_refsource_MISC | |
| https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.20 < 2.20.24 Version: 2.21 < 2.21.15 Version: 2.22 < 2.22.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.20.24",
"status": "affected",
"version": "2.20",
"versionType": "custom"
},
{
"lessThan": "2.21.15",
"status": "affected",
"version": "2.21",
"versionType": "custom"
},
{
"lessThan": "2.22.7",
"status": "affected",
"version": "2.22",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "yvvdwf"
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T03:25:21",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10519",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20",
"version_value": "2.20.24"
},
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.15"
},
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.7"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2020-10519",
"datePublished": "2021-03-03T03:25:21",
"dateReserved": "2020-03-12T00:00:00",
"dateUpdated": "2024-08-04T11:06:09.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10517
Vulnerability from cvelistv5
Published
2020-08-27 21:55
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://enterprise.github.com/releases/2.19.21/notes | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.20.15/notes | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.21.6/notes | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.21 < 2.21.6 Version: 2.20 < 2.20.15 Version: 2.19 < 2.19.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.21.6",
"status": "affected",
"version": "2.21",
"versionType": "custom"
},
{
"lessThan": "2.20.15",
"status": "affected",
"version": "2.20",
"versionType": "custom"
},
{
"lessThan": "2.19.21",
"status": "affected",
"version": "2.19",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "William Bowling"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T21:55:16",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10517",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.6"
},
{
"version_affected": "\u003c",
"version_name": "2.20",
"version_value": "2.20.15"
},
{
"version_affected": "\u003c",
"version_name": "2.19",
"version_value": "2.19.21"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Bowling"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://enterprise.github.com/releases/2.19.21/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"name": "https://enterprise.github.com/releases/2.20.15/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"name": "https://enterprise.github.com/releases/2.21.6/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2020-10517",
"datePublished": "2020-08-27T21:55:16",
"dateReserved": "2020-03-12T00:00:00",
"dateUpdated": "2024-08-04T11:06:09.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22861
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 2.20 < 2.20.24 Version: 2.21 < 2.21.15 Version: 2.22 < 2.22.7 Version: 3.0 < 3.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "2.20.24",
"status": "affected",
"version": "2.20",
"versionType": "custom"
},
{
"lessThan": "2.21.15",
"status": "affected",
"version": "2.21",
"versionType": "custom"
},
{
"lessThan": "2.22.7",
"status": "affected",
"version": "2.22",
"versionType": "custom"
},
{
"lessThan": "3.0.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Teddy Katz"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T03:25:21",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22861",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20",
"version_value": "2.20.24"
},
{
"version_affected": "\u003c",
"version_name": "2.21",
"version_value": "2.21.15"
},
{
"version_affected": "\u003c",
"version_name": "2.22",
"version_value": "2.22.7"
},
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Teddy Katz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15"
},
{
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7"
},
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22861",
"datePublished": "2021-03-03T03:25:21",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22862
Vulnerability from cvelistv5
Published
2021-03-03 03:25
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitHub | GitHub Enterprise Server |
Version: 3.0 < 3.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.0.1",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Teddy Katz"
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T03:25:22",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22862",
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Teddy Katz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1",
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2021-22862",
"datePublished": "2021-03-03T03:25:22",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18365
Vulnerability from cvelistv5
Published
2019-03-28 05:23
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html | x_refsource_MISC | |
| https://enterprise.github.com/releases/2.8.7/notes | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:20:50.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://enterprise.github.com/releases/2.8.7/notes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product\u0027s source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T05:23:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://enterprise.github.com/releases/2.8.7/notes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product\u0027s source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html",
"refsource": "MISC",
"url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html"
},
{
"name": "https://enterprise.github.com/releases/2.8.7/notes",
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.8.7/notes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18365",
"datePublished": "2019-03-28T05:23:18",
"dateReserved": "2019-03-28T00:00:00",
"dateUpdated": "2024-08-05T21:20:50.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2055
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-08-06 19:17
Severity ?
EPSS score ?
Summary
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://homakov.blogspot.com/2012/03/how-to.html | x_refsource_MISC | |
| http://lwn.net/Articles/488702/ | x_refsource_MISC | |
| https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://homakov.blogspot.com/2012/03/how-to.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lwn.net/Articles/488702/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation"
},
{
"name": "github-hash-security-bypass(74812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a \"mass assignment\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-19T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://homakov.blogspot.com/2012/03/how-to.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lwn.net/Articles/488702/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation"
},
{
"name": "github-hash-security-bypass(74812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a \"mass assignment\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://homakov.blogspot.com/2012/03/how-to.html",
"refsource": "MISC",
"url": "http://homakov.blogspot.com/2012/03/how-to.html"
},
{
"name": "http://lwn.net/Articles/488702/",
"refsource": "MISC",
"url": "http://lwn.net/Articles/488702/"
},
{
"name": "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation",
"refsource": "CONFIRM",
"url": "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation"
},
{
"name": "github-hash-security-bypass(74812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2055",
"datePublished": "2012-04-04T10:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:17:27.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 05:50
Severity ?
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "672A9206-E6DA-4137-8AB2-A047F700902A",
"versionEndExcluding": "2.20.24",
"versionStartIncluding": "2.12.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "33F7B688-318D-452D-A804-49984D527FDA",
"versionEndExcluding": "2.21.15",
"versionStartIncluding": "2.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5333B472-BF06-4427-9344-72CD5B2429CD",
"versionEndExcluding": "2.22.7",
"versionStartIncluding": "2.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929FFB5-AC83-412F-A6FF-0593F64A0688",
"versionEndExcluding": "3.0.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de control de acceso inadecuada en la API GraphQL de GitHub Enterprise Server que permit\u00eda a los usuarios autenticados de la instancia modificar el permiso de colaboraci\u00f3n del mantenedor de un pull request sin la autorizaci\u00f3n adecuada. Al explotar esta vulnerabilidad, un atacante podr\u00eda obtener acceso a las ramas principales de los pull requests abiertos en los repositorios de los que es mantenedor. La bifurcaci\u00f3n est\u00e1 deshabilitada por defecto para los repositorios privados propiedad de la organizaci\u00f3n y evitar\u00eda esta vulnerabilidad. Adem\u00e1s, las protecciones de las ramas, como las revisiones requeridas de las solicitudes de extracci\u00f3n o las comprobaciones de estado, impedir\u00edan que los commits no autorizados se fusionaran sin m\u00e1s revisi\u00f3n o validaci\u00f3n. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server desde la versi\u00f3n 2.12.22 y fue corregida en las versiones 2.20.24, 2.21.15, 2.22.7 y 3.0.1. Esta vulnerabilidad fue reportada a trav\u00e9s del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22863",
"lastModified": "2024-11-21T05:50:47.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T04:15:13.240",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-27 22:15
Modified
2024-11-21 04:55
Severity ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B069227C-199F-48D2-8A3A-04FAC5BAF966",
"versionEndExcluding": "2.19.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "99A2F224-E3D3-4E27-B7ED-57E544A45A8C",
"versionEndExcluding": "2.20.15",
"versionStartIncluding": "2.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "330B13CF-E0E2-40C1-9A9F-F90A0D6E5A3C",
"versionEndExcluding": "2.21.6",
"versionStartIncluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en GitHub Enterprise Server que podr\u00eda ser explotada al crear un sitio GitHub Pages. La configuraci\u00f3n controlada por el usuario de los analizadores subyacentes usados por las p\u00e1ginas de GitHub no estaba lo suficientemente restringida y permit\u00eda ejecutar comandos en la instancia de GitHub Enterprise Server. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 2.22 y se corrigi\u00f3 en las versiones 2.21.6, 2.20.15 y 2.19.21. Los problemas subyacentes que contribuyen a esta vulnerabilidad se identificaron tanto internamente como por medio del programa GitHub Security Bug Bounty"
}
],
"id": "CVE-2020-10518",
"lastModified": "2024-11-21T04:55:31.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-27T22:15:09.833",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 05:50
Severity ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C6B741E9-F328-4CD0-B82C-A8A4E26A1894",
"versionEndExcluding": "2.20.24",
"versionStartIncluding": "2.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "33F7B688-318D-452D-A804-49984D527FDA",
"versionEndExcluding": "2.21.15",
"versionStartIncluding": "2.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5333B472-BF06-4427-9344-72CD5B2429CD",
"versionEndExcluding": "2.22.7",
"versionStartIncluding": "2.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929FFB5-AC83-412F-A6FF-0593F64A0688",
"versionEndExcluding": "3.0.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de control de acceso inadecuada en GitHub Enterprise Server que permit\u00eda a los usuarios autenticados de la instancia obtener acceso de escritura a repositorios no autorizados a trav\u00e9s de solicitudes de extracci\u00f3n y solicitudes de API REST espec\u00edficamente dise\u00f1adas. Un atacante tendr\u00eda que ser capaz de bifurcar el repositorio objetivo, una configuraci\u00f3n que est\u00e1 desactivada por defecto para los repositorios privados propiedad de la organizaci\u00f3n. Las protecciones de la rama, como las revisiones requeridas de las solicitudes de extracci\u00f3n o las comprobaciones de estado, evitar\u00edan que las confirmaciones no autorizadas se fusionaran sin una revisi\u00f3n o validaci\u00f3n adicional. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server desde la versi\u00f3n 2.4.21 y fue corregida en las versiones 2.20.24, 2.21.15, 2.22.7 y 3.0.1. Esta vulnerabilidad fue reportada a trav\u00e9s del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22861",
"lastModified": "2024-11-21T05:50:47.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T04:15:13.070",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 04:55
Severity ?
Summary
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "A88AD208-131B-470F-843F-D1BB274F5A3A",
"versionEndExcluding": "2.20.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "33F7B688-318D-452D-A804-49984D527FDA",
"versionEndExcluding": "2.21.15",
"versionStartIncluding": "2.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5333B472-BF06-4427-9344-72CD5B2429CD",
"versionEndExcluding": "2.22.7",
"versionStartIncluding": "2.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en GitHub Enterprise Server que pod\u00eda ser explotada al construir un sitio de GitHub Pages. La configuraci\u00f3n controlada por el usuario de los analizadores subyacentes utilizados por GitHub Pages no estaba suficientemente restringida y permit\u00eda ejecutar comandos en la instancia de GitHub Enterprise Server. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a la 2.22.7 y fue corregida en las versiones 2.22.7, 2.21.15 y 2.20.24. Los problemas subyacentes que contribuyen a esta vulnerabilidad fueron identificados a trav\u00e9s del programa GitHub Security Bug Bounty"
}
],
"id": "CVE-2020-10519",
"lastModified": "2024-11-21T04:55:31.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T04:15:12.773",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-28 06:29
Modified
2024-11-21 03:19
Severity ?
Summary
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://enterprise.github.com/releases/2.8.7/notes | Vendor Advisory | |
| cve@mitre.org | https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.8.7/notes | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1CC784DE-8B67-4DEE-8F7A-76FF72FFA1E2",
"versionEndExcluding": "2.8.7",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D710BF3A-560D-495E-A51A-E4484F7CC251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product\u0027s source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects."
},
{
"lang": "es",
"value": "La consola de gesti\u00f3n en GitHub Enterprise, en las versiones 2.8.x anteriores a la 2.8.7, tiene un fallo de deserializaci\u00f3n que permite a los atacantes remotos sin autenticar ejecutar c\u00f3digo arbitrario. Esto ocurre debido a que el secreto de sesi\u00f3n \"enterprise\" es siempre el mismo y puede encontrarse en el c\u00f3digo fuente del producto. Al enviar una cookie manipulada firmada con este secreto, se puede llamar a Marshal.load con datos arbitrarios. Esto es problem\u00e1tico, ya que el formato de los datos Marshal permite los objetos Ruby."
}
],
"id": "CVE-2017-18365",
"lastModified": "2024-11-21T03:19:56.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-28T06:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.8.7/notes"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.8.7/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-03 14:15
Modified
2024-11-21 04:55
Severity ?
Summary
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://enterprise.github.com/releases/2.18.20/notes | Release Notes, Third Party Advisory | |
| product-cna@github.com | https://enterprise.github.com/releases/2.19.15/notes | Release Notes, Third Party Advisory | |
| product-cna@github.com | https://enterprise.github.com/releases/2.20.9/notes | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.18.20/notes | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.19.15/notes | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.20.9/notes | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1D3E4C5E-345B-47A7-95DE-27FA144652F7",
"versionEndExcluding": "2.18.20",
"versionStartIncluding": "2.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "3BB3EC19-93F9-4D28-8F30-9B659CB2F3E4",
"versionEndExcluding": "2.19.15",
"versionStartIncluding": "2.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AE0B3224-DAA6-4EC5-B70D-4328F397511E",
"versionEndExcluding": "2.20.9",
"versionStartIncluding": "2.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de control de acceso inapropiado en la API de GitHub Enterprise Server, que permiti\u00f3 a un miembro de la organizaci\u00f3n escalar permisos y conseguir acceso a repositorios no autorizados dentro de una organizaci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a 2.21 y fue corregida en las versiones 2.20.9, 2.19.15 y 2.18.20. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty."
}
],
"id": "CVE-2020-10516",
"lastModified": "2024-11-21T04:55:31.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T14:15:12.377",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://enterprise.github.com/releases/2.18.20/notes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://enterprise.github.com/releases/2.20.9/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://enterprise.github.com/releases/2.18.20/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://enterprise.github.com/releases/2.19.15/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://enterprise.github.com/releases/2.20.9/notes"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-27 22:15
Modified
2024-11-21 04:55
Severity ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-cna@github.com | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory | |
| product-cna@github.com | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.19.21/notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.20.15/notes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://enterprise.github.com/releases/2.21.6/notes | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B069227C-199F-48D2-8A3A-04FAC5BAF966",
"versionEndExcluding": "2.19.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "99A2F224-E3D3-4E27-B7ED-57E544A45A8C",
"versionEndExcluding": "2.20.15",
"versionStartIncluding": "2.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "330B13CF-E0E2-40C1-9A9F-F90A0D6E5A3C",
"versionEndExcluding": "2.21.6",
"versionStartIncluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de control de acceso inapropiado en GitHub Enterprise Server que permiti\u00f3 a usuarios autenticados de la instancia determinar los nombres de los repositorios privados no autorizados dados sus ID num\u00e9ricos. Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio adem\u00e1s del nombre. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 2.22 y se corrigi\u00f3 en las versiones 2.21.6, 2.20.15 y 2.19.21. Esta vulnerabilidad se report\u00f3 por medio del programa GitHub Bug Bounty"
}
],
"id": "CVE-2020-10517",
"lastModified": "2024-11-21T04:55:31.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-27T22:15:09.770",
"references": [
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-03 04:15
Modified
2024-11-21 05:50
Severity ?
Summary
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "61ABB5BF-C578-403B-8EF9-A28274F486FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:3.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "634A0A6C-0F17-4DE2-B2D1-C3B0C5C8EDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:github:github:3.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0FA74C51-5AB4-4B23-B24B-5629736B17E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de control de acceso inadecuada en GitHub Enterprise Server que permit\u00eda a un usuario autenticado con la capacidad de bifurcar un repositorio revelar los secretos de las acciones para el repositorio padre de la bifurcaci\u00f3n. Esta vulnerabilidad exist\u00eda debido a un fallo que permit\u00eda actualizar la referencia base de un pull request para que apuntara a un SHA arbitrario o a otro pull request fuera del repositorio fork. Al establecer esta referencia incorrecta en un PR, las restricciones que limitan las Acciones secretas enviadas a un flujo de trabajo desde los forks pod\u00edan ser eludidas. Esta vulnerabilidad afectaba a las versiones 3.0.0, 3.0.0.rc2 y 3.0.0.rc1 de GitHub Enterprise Server. Esta vulnerabilidad fue reportada a trav\u00e9s del programa GitHub Bug Bounty"
}
],
"id": "CVE-2021-22862",
"lastModified": "2024-11-21T05:50:47.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T04:15:13.163",
"references": [
{
"source": "product-cna@github.com",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1"
}
],
"sourceIdentifier": "product-cna@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "product-cna@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-05 14:55
Modified
2024-11-21 01:38
Severity ?
Summary
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://homakov.blogspot.com/2012/03/how-to.html | Issue Tracking | |
| cve@mitre.org | http://lwn.net/Articles/488702/ | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://homakov.blogspot.com/2012/03/how-to.html | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lwn.net/Articles/488702/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C0048D8D-869E-4A8F-BB33-7E603967222D",
"versionEndExcluding": "20120304",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a \"mass assignment\" vulnerability."
},
{
"lang": "es",
"value": "GitHub Enterprise antes de v20120304 no restringe debidamente el uso de un hash para proporcionar los valores para un modelo de atributos, lo que permite a atacantes remotos establecer el valor public_key [user_id] a trav\u00e9s de una URL modificada para el formulario de actualizaci\u00f3n de clave p\u00fablica. Se trata de un problema relacionado con una vulnerabilidad de \"asignaci\u00f3n en masa\"."
}
],
"id": "CVE-2012-2055",
"lastModified": "2024-11-21T01:38:24.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-04-05T14:55:06.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "http://homakov.blogspot.com/2012/03/how-to.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lwn.net/Articles/488702/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "http://homakov.blogspot.com/2012/03/how-to.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lwn.net/Articles/488702/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}