What is the severity of CVE-2020-10518?

The severity of CVE-2020-10518 is high (8.8).

What is the affected software of CVE-2020-10518?

The affected software of CVE-2020-10518 is GitHub Enterprise Server versions 2.19.21, 2.20.0 to 2.20.15, and 2.21.0 to 2.21.6.

How can CVE-2020-10518 be exploited?

CVE-2020-10518 can be exploited when building a GitHub Pages site by user-controlled configuration of the underlying parsers used by GitHub Pages.

How can I fix CVE-2020-10518?

To fix CVE-2020-10518, users should update their GitHub Enterprise Server installations to a version that includes the necessary security patches.

Is there any additional information available about CVE-2020-10518?

Yes, you can find additional information about CVE-2020-10518 in the release notes of GitHub Enterprise Server versions 2.19.21, 2.20.15, and 2.21.6.

Vulnerability/
CVE-2020-10518

high

8.8

CWE

27/8/2020

4/8/2024

CVE-2020-10518: Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server

First published: Thu Aug 27 2020(Updated: )

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.

Credit: product-cna@github.com

Affected Software	Affected Version	How to fix
GitHub GitHub	<2.19.21
GitHub GitHub	>=2.20.0<2.20.15
GitHub GitHub	>=2.21.0<2.21.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-10518?
The severity of CVE-2020-10518 is high (8.8).
What is the affected software of CVE-2020-10518?
The affected software of CVE-2020-10518 is GitHub Enterprise Server versions 2.19.21, 2.20.0 to 2.20.15, and 2.21.0 to 2.21.6.
How can CVE-2020-10518 be exploited?
CVE-2020-10518 can be exploited when building a GitHub Pages site by user-controlled configuration of the underlying parsers used by GitHub Pages.
How can I fix CVE-2020-10518?
To fix CVE-2020-10518, users should update their GitHub Enterprise Server installations to a version that includes the necessary security patches.
Is there any additional information available about CVE-2020-10518?
Yes, you can find additional information about CVE-2020-10518 in the release notes of GitHub Enterprise Server versions 2.19.21, 2.20.15, and 2.21.6.

agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/references
agent/weakness
agent/severity
agent/author
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/tags
agent/first-publish-date
agent/event
vendor/github
canonical/github github
version/github github/2.20.0
version/github github/2.21.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.