A path traversal vulnerability was identified in GitHub Enterprise Server that allowed anĀ attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Github
Github enterprise Server |
|
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Github
Github enterprise Server |
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-02-13T18:47:10.591Z
Updated: 2024-08-01T18:26:30.498Z
Reserved: 2024-01-30T19:17:02.516Z
Link: CVE-2024-1082
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-13T19:15:08.793
Modified: 2024-11-21T08:49:45.430
Link: CVE-2024-1082
Redhat
No data.