Severity
Medium
Analysis Summary
CVE-2023-22380
GitHub Enterprise Server could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request when building a GitHub Pages site. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-22380
Affected Vendors
GitHUB
Affected Products
- GitHub Enterprise Server 3.7.5
Remediation
Upgrade to the latest version of GitHub Enterprise Server, available from the GitHub Website.