HIGH: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of private mode by using a specially crafted API request. Private mode is the mechanism that enforces authentication for publicly-scoped resources. For more information, see "Enabling private mode." This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the GitHub Bug Bounty program and assigned CVE-2023-6847.

HIGH: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID CVE-2023-46647 for this vulnerability, which was reported via the GitHub Bug Bounty program.

HIGH: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the GitHub Bug Bounty program and assigned CVE-2023-46645.