mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
114 lines
4.7 KiB
JSON
114 lines
4.7 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "product-cna@github.com",
|
|
"ID": "CVE-2022-46256",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Path traversal in GitHub Enterprise Server leading to remote code execution in GitHub Pages"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "GitHub Enterprise Server",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.3",
|
|
"version_value": "3.3.17"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.4",
|
|
"version_value": "3.4.12"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.5",
|
|
"version_value": "3.5.9"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.6",
|
|
"version_value": "3.6.5"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.7",
|
|
"version_value": "3.7.2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "GitHub"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "yvvdwf"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.17"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.12"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.9"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.5"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.2",
|
|
"name": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.2"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |