Skip to content

Commit 579b467

Browse files
OctomergerOctomerger
authored
Merge pull request #22029 from github/repo-sync
repo sync
2 parents 21e31f6 + 58f0546 commit 579b467

File tree

4 files changed

+24
-0
lines changed

4 files changed

+24
-0
lines changed

data/release-notes/enterprise-server/3-3/16.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
date: '2022-12-06'
2+
3+
sections:
4+
security_fixes:
5+
- |
6+
**HIGH**: Added an extra check to harden against a path traversal bug that could lead to remote code execution in GitHub Pages builds on GitHub Enterprise Server. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This bug was originally reported via GitHub's Bug Bounty program and assigned [CVE-2021-22870](https://nvd.nist.gov/vuln/detail/CVE-2021-22870).

data/release-notes/enterprise-server/3-4/11.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
date: '2022-12-06'
2+
3+
sections:
4+
security_fixes:
5+
- |
6+
**HIGH**: Added an extra check to harden against a path traversal bug that could lead to remote code execution in GitHub Pages builds on GitHub Enterprise Server. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This bug was originally reported via GitHub's Bug Bounty program and assigned [CVE-2021-22870](https://nvd.nist.gov/vuln/detail/CVE-2021-22870).

data/release-notes/enterprise-server/3-5/8.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
date: '2022-12-06'
2+
3+
sections:
4+
security_fixes:
5+
- |
6+
**HIGH**: Added an extra check to harden against a path traversal bug that could lead to remote code execution in GitHub Pages builds on GitHub Enterprise Server. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This bug was originally reported via GitHub's Bug Bounty program and assigned [CVE-2021-22870](https://nvd.nist.gov/vuln/detail/CVE-2021-22870).

data/release-notes/enterprise-server/3-6/4.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
date: '2022-12-06'
2+
3+
sections:
4+
security_fixes:
5+
- |
6+
**HIGH**: Added an extra check to harden against a path traversal bug that could lead to remote code execution in GitHub Pages builds on GitHub Enterprise Server. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This bug was originally reported via GitHub's Bug Bounty program and assigned [CVE-2021-22870](https://nvd.nist.gov/vuln/detail/CVE-2021-22870).

0 commit comments

Comments
 (0)