A path traversal vulnerability was identified in GitHub Enterprise Server that allowed anĀ attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
History

Thu, 17 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Github
Github enterprise Server
CPEs cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
Vendors & Products Github
Github enterprise Server

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2024-02-13T18:47:10.591Z

Updated: 2024-08-01T18:26:30.498Z

Reserved: 2024-01-30T19:17:02.516Z

Link: CVE-2024-1082

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-02-13T19:15:08.793

Modified: 2024-11-21T08:49:45.430

Link: CVE-2024-1082

cve-icon Redhat

No data.