NVD

Vulnerability Change Records for CVE-2023-46645

Action	Type	New Value
Added	Description	A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
Added	CVSS V3.1	GitHub, Inc. (Products Only) AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Added	CWE	GitHub, Inc. (Products Only) CWE-22
Added	Reference	GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 [No types assigned]
Added	Reference	GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 [No types assigned]
Added	Reference	GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 [No types assigned]
Added	Reference	GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 [No types assigned]
Added	Reference	GitHub, Inc. (Products Only) https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 [No types assigned]