CVE-2022-23734 – Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-23734
A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de deserialización de datos no fiables en GitHub Enterprise Server que podría conllevar la ejecución de código remota en el SVNBridge. • https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16 https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6 https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-23733 – Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
https://notcve.org/view.php?id=CVE-2022-23733
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de tipo XSS almacenado en GitHub Enterprise Server que permitía la inyección de atributos arbitrarios. • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6 https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23732 – Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections
https://notcve.org/view.php?id=CVE-2022-23732
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11 https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2021-41599 – Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution
https://notcve.org/view.php?id=CVE-2021-41599
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de ejecución de código remota en GitHub Enterprise Server que podía explotarse cuando era creado un sitio de GitHub Pages. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-41598 – UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user
https://notcve.org/view.php?id=CVE-2021-41598
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •