Vendor: Github Enterprise
By: iblue
CVSS: 9.8 (HIGH)
Remote Code Execution
CWE: 78
Product Name: Github Enterprise
Affected Version From: 2.8.0
Affected Version To: 2.8.6
Patch Exists: YES
Related CWE: N/A
CPE: a:github:github_enterprise
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

Github Enterprise RCE Exploit

This exploit allows an attacker to execute arbitrary code on vulnerable versions of Github Enterprise (2.8.0 - 2.8.6). The exploit works by constructing a malicious cookie and sending it to the server, which then executes the code contained in the cookie.

Mitigation:

Upgrade to a version of Github Enterprise that is not vulnerable to this exploit.

Exploit-DB raw data: