CVE-2021-22870

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11
https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3
https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19
https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11
https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::

History

21 Nov 2024, 05:50

Type	Values Removed	Values Added
References	~~() https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19 -~~	() https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19 -
References	~~() https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11 -~~	() https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11 -
References	~~() https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3 -~~	() https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3 -

16 Nov 2021, 15:06

Type	Values Removed	Values Added
CWE		CWE-22
References	~~(MISC) https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.11 -~~	(MISC) https://docs.github.com/en/enterprise-server@3.1/admin/release-notes#3.1.11 - Release Notes, Third Party Advisory
References	~~(MISC) https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.3 -~~	(MISC) https://docs.github.com/en/enterprise-server@3.2/admin/release-notes#3.2.3 - Release Notes, Third Party Advisory
References	~~(MISC) https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.19 -~~	(MISC) https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.19 - Release Notes, Third Party Advisory
CPE		cpe:2.3:a:github:enterprise_server::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 6.5

10 Nov 2021, 12:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-11-10 02:15

Updated : 2024-11-21 05:50

NVD link : CVE-2021-22870

Mitre link : CVE-2021-22870

CVE.ORG link : CVE-2021-22870

JSON object : View

Products Affected

github

enterprise_server

CWE

CWE-23

Relative Path Traversal

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-22870", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-11-10T02:15:06.983", "references": [{"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19", "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11", "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3", "source": "product-cna@github.com"}, {"url": "https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.19", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.11", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.3", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "product-cna@github.com", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de salto de ruta en las construcciones de GitHub Pages en GitHub Enterprise Server que podr\u00eda permitir a un atacante leer archivos del sistema. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda permiso para crear y construir un sitio de GitHub Pages en la instancia de GitHub Enterprise Server. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a 3.3, y fue corregida en las versiones 3.0.19, 3.1.11 y 3.2.3. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty"}], "lastModified": "2024-11-21T05:50:48.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AAC1986-65CE-4029-BD72-F24BD08E012E", "versionEndExcluding": "3.0.19"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB3F86C8-98AC-4CF5-A37D-94DCB0AA561F", "versionEndExcluding": "3.1.11", "versionStartIncluding": "3.1.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "908E5FE0-0E89-4A66-95A0-484EFF4AD850", "versionEndExcluding": "3.2.3", "versionStartIncluding": "3.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-cna@github.com"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-22870

6.5^/10

4.0^/10

Attach tags to `CVE-2021-22870`