PT-2022-11439 · Github · Github Enterprise Server

Yvvdwf

Published

2022-02-17

Updated

2022-02-25

CVE-2021-41599

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.3

Description A remote code execution issue was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this issue, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This issue was reported via the GitHub Bug Bounty program.

Recommendations For versions prior to 3.0.21, update to version 3.0.21. For versions prior to 3.1.13, update to version 3.1.13. For versions prior to 3.2.5, update to version 3.2.5. As a temporary workaround, consider restricting permissions to create and build GitHub Pages sites on the GitHub Enterprise Server instance until a patch is applied.

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2021-41599

Affected Products

Github Enterprise Server

PT-2022-11439 · Github · Github Enterprise Server

CVE-2021-41599

Weakness Enumeration

Related Identifiers

Affected Products

References · 6