Security News > 2020 > October > Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000

Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000
2020-10-20 12:33

A security researcher says he has earned $20,000 for a high-severity GitHub Enterprise vulnerability that might have allowed an attacker to execute arbitrary commands.

GitHub Enterprise, the on-premises version of GitHub.com, is designed to make it easier for large enterprise software development teams to collaborate.

In June, Australia-based software developer and security researcher William Bowling informed GitHub via its bug bounty program that he had identified a potentially serious vulnerability.

"To exploit this vulnerability, an attacker would need permission to access repositories within the GitHub Enterprise Server instance. However, due to other protections in place, we could not identify a way to actively exploit this vulnerability," GitHub explained.

The vulnerability was patched in August with the release of GitHub Enterprise 2.21.4, which also fixes a critical remote code execution vulnerability identified in GitHub Pages.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/IzoRGfPQjsM/serious-vulnerability-github-enterprise-earns-researcher-20000

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 2 45 29 19 95