CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22863 – Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
https://notcve.org/view.php?id=CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. • https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24 https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15 https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7 https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1 • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22861 – Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories
https://notcve.org/view.php?id=CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24 https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15 https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7 https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.1 • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10519 – Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2020-10519
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. • https://docs.github.com/en/enterprise-server%402.20/admin/release-notes#2.20.24 https://docs.github.com/en/enterprise-server%402.21/admin/release-notes#2.21.15 https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.7 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2055
https://notcve.org/view.php?id=CVE-2012-2055
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. GitHub Enterprise antes de v20120304 no restringe debidamente el uso de un hash para proporcionar los valores para un modelo de atributos, lo que permite a atacantes remotos establecer el valor public_key [user_id] a través de una URL modificada para el formulario de actualización de clave pública. Se trata de un problema relacionado con una vulnerabilidad de "asignación en masa". • http://homakov.blogspot.com/2012/03/how-to.html http://lwn.net/Articles/488702 https://exchange.xforce.ibmcloud.com/vulnerabilities/74812 https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation • CWE-913: Improper Control of Dynamically-Managed Code Resources •