CVE-2023-46645

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.7.19 GitHub Enterprise Server versions prior to 3.8.12 GitHub Enterprise Server versions prior to 3.9.7 GitHub Enterprise Server versions prior to 3.10.4 GitHub Enterprise Server versions prior to 3.11.1

Description A path traversal issue was identified that allowed arbitrary file reading when building a GitHub Pages site. An attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance to exploit this issue. This issue was reported via the GitHub Bug Bounty program.

Recommendations For GitHub Enterprise Server versions prior to 3.7.19, update to version 3.7.19 or later. For GitHub Enterprise Server versions prior to 3.8.12, update to version 3.8.12 or later. For GitHub Enterprise Server versions prior to 3.9.7, update to version 3.9.7 or later. For GitHub Enterprise Server versions prior to 3.10.4, update to version 3.10.4 or later. For GitHub Enterprise Server versions prior to 3.11.1, update to version 3.11.1 or later.