GitHub Enterprise Server up to 2.19.20/2.20.14/2.21.5 Pages Site command injection

Summaryinfo

A vulnerability has been found in GitHub Enterprise Server up to 2.19.20/2.20.14/2.21.5 and classified as critical. Affected by this issue is some unknown functionality of the component Pages Site Handler. Performing a manipulation results in command injection. This vulnerability is cataloged as CVE-2020-10518. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in GitHub Enterprise Server up to 2.19.20/2.20.14/2.21.5 (Bug Tracking Software). It has been classified as critical. This affects an unknown part of the component Pages Site Handler. The manipulation with an unknown input leads to a command injection vulnerability. CWE is classifying the issue as CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.

The weakness was shared 08/27/2020 (GitHub Repository). It is possible to read the advisory at enterprise.github.com. This vulnerability is uniquely identified as CVE-2020-10518 since 03/12/2020. It is possible to initiate the attack remotely. A authentication is necessary for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK.

Upgrading to version 2.19.21, 2.20.15 or 2.21.6 eliminates this vulnerability.

The entry VDB-160358 is related to this item. Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Bug Tracking Software

Vendor

• GitHub

Name

• Enterprise Server

Version

• 2.19.0
• 2.19.1
• 2.19.2
• 2.19.3
• 2.19.4
• 2.19.5
• 2.19.6
• 2.19.7
• 2.19.8
• 2.19.9
• 2.19.10
• 2.19.11
• 2.19.12
• 2.19.13
• 2.19.14
• 2.19.15
• 2.19.16
• 2.19.17
• 2.19.18
• 2.19.19
• 2.19.20
• 2.20.0
• 2.20.1
• 2.20.2
• 2.20.3
• 2.20.4
• 2.20.5
• 2.20.6
• 2.20.7
• 2.20.8
• 2.20.9
• 2.20.10
• 2.20.11
• 2.20.12
• 2.20.13
• 2.20.14
• 2.21.0
• 2.21.1
• 2.21.2
• 2.21.3
• 2.21.4
• 2.21.5

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion