Description
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
- Release Notes
Vulnerable configurations
Configuration 1
One of
- cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* (version before 3.8.17, exclusive)
- cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* (version from 3.9.0, inclusive, to 3.9.12, exclusive)
- cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* (version from 3.10.0, inclusive, to 3.10.9, exclusive)
- cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* (version from 3.11.0, inclusive, to 3.11.7, exclusive)
- cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* (version from 3.12.0, inclusive, to 3.12.1, exclusive)
EPSS
Percentile: 75%
0.00899
Low
CVSS3: 8 High
CVSS3: 7.2 High
Weaknesses
CWE-20
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 8
github
almost 2 years ago
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.