PT-2023-30136 · Github · Github Enterprise Server
Yvvdwf
·
Publicado
2023-12-21
·
Atualizado
2023-12-29
·
CVE-2023-46645
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.7.19
GitHub Enterprise Server versions prior to 3.8.12
GitHub Enterprise Server versions prior to 3.9.7
GitHub Enterprise Server versions prior to 3.10.4
GitHub Enterprise Server versions prior to 3.11.1
Description
A path traversal issue was identified that allowed arbitrary file reading when building a GitHub Pages site. An attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance to exploit this issue. This issue was reported via the GitHub Bug Bounty program.
Recommendations
For GitHub Enterprise Server versions prior to 3.7.19, update to version 3.7.19 or later.
For GitHub Enterprise Server versions prior to 3.8.12, update to version 3.8.12 or later.
For GitHub Enterprise Server versions prior to 3.9.7, update to version 3.9.7 or later.
For GitHub Enterprise Server versions prior to 3.10.4, update to version 3.10.4 or later.
For GitHub Enterprise Server versions prior to 3.11.1, update to version 3.11.1 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Github Enterprise Server