GitHub Enterprise Server up to 3.4.16/3.5.13/3.6.9/3.7.6 path traversal

Summaryinfo

A vulnerability was found in GitHub Enterprise Server up to 3.4.16/3.5.13/3.6.9/3.7.6 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation results in path traversal. This vulnerability was named CVE-2023-23760. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in GitHub Enterprise Server up to 3.4.16/3.5.13/3.6.9/3.7.6 (Bug Tracking Software). Affected is an unknown code. The manipulation with an unknown input leads to a path traversal vulnerability. CWE is classifying the issue as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.

The weakness was presented 03/09/2023. The advisory is available at docs.github.com. This vulnerability is traded as CVE-2023-23760 since 01/17/2023. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1006 by the MITRE ATT&CK project.

Upgrading to version 3.4.17, 3.5.14, 3.6.10, 3.7.7 or 3.8 eliminates this vulnerability. The upgrade is hosted for download at docs.github.com.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Bug Tracking Software

Vendor

• GitHub

Name

• Enterprise Server

Version

• 3.4.0
• 3.4.1
• 3.4.2
• 3.4.3
• 3.4.4
• 3.4.5
• 3.4.6
• 3.4.7
• 3.4.8
• 3.4.9
• 3.4.10
• 3.4.11
• 3.4.12
• 3.4.13
• 3.4.14
• 3.4.15
• 3.4.16
• 3.5.0
• 3.5.1
• 3.5.2
• 3.5.3
• 3.5.4
• 3.5.5
• 3.5.6
• 3.5.7
• 3.5.8
• 3.5.9
• 3.5.10
• 3.5.11
• 3.5.12
• 3.5.13
• 3.6.0
• 3.6.1
• 3.6.2
• 3.6.3
• 3.6.4
• 3.6.5
• 3.6.6
• 3.6.7
• 3.6.8
• 3.6.9
• 3.7.0
• 3.7.1
• 3.7.2
• 3.7.3
• 3.7.4
• 3.7.5
• 3.7.6

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion