CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41599 – Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution
https://notcve.org/view.php?id=CVE-2021-41599
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de ejecución de código remota en GitHub Enterprise Server que podía explotarse cuando era creado un sitio de GitHub Pages. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41598 – UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user
https://notcve.org/view.php?id=CVE-2021-41598
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22870 – Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access
https://notcve.org/view.php?id=CVE-2021-22870
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de salto de ruta en las construcciones de GitHub Pages en GitHub Enterprise Server que podría permitir a un atacante leer archivos del sistema. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22868 – Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2021-22868
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.8 and was fixed in 3.1.8, 3.0.16, and 2.22.22. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%402.22/admin/release-notes#2.22.22 https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22869 – Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group
https://notcve.org/view.php?id=CVE-2021-22869
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group could access all of the enterprise runner groups within the organization because of improper authentication checks during the request. This could cause code to be run unintentionally by the incorrect runner group. This vulnerability affected GitHub Enterprise Server versions from 3.0.0 to 3.0.15 and 3.1.0 to 3.1.7 and was fixed in 3.0.16 and 3.1.8 releases. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.16 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.8 • CWE-287: Improper Authentication CWE-668: Exposure of Resource to Wrong Sphere •