GitHub Enterprise Server Path Traversal Vulnerability in Pages Component Allows Remote Code Execution

Vulnerability

A path traversal vulnerability was identified in GitHub Enterprise Server 3.7.0 that allows remote code execution when a GitHub Pages site is built. It arises from improper validation of file paths during the build: a crafted path escapes the intended working directory and overwrites an arbitrary file on the instance. To exploit this issue, an attacker must have permission to create and build GitHub Pages on the affected instance.

Impact

Successful exploitation allows remote code execution on the host running the GitHub Enterprise Server instance, with the privileges of the Pages build process.

Reproduction

Reproduction requires an account that can create and build GitHub Pages on a GitHub Enterprise Server 3.7.0 instance. Create a Pages site whose content includes a file with a path that is not properly validated when the build output is unpacked, so that the file is written outside the intended working directory and overwrites an existing file on the instance. If the overwritten file is one the server later executes, the attacker-controlled content runs, resulting in remote code execution.

Remediation

Upgrade to GitHub Enterprise Server 3.7.1, which adds a check that the working directory is clean before new content is unpacked into it, so a crafted path can no longer overwrite an existing file. Until the upgrade is applied, limit which users are allowed to create and build GitHub Pages sites on the instance, since that permission is required to exploit the issue.
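The following is an added illustration, written for this page; it is not GitHub's code and the advisory does not describe how the Pages builder unpacks content. It contrasts an unpack routine that trusts archive member names as given (the traversal-and-overwrite pattern the advisory describes) with a hardened one that applies the check the 3.7.1 fix adds, refusing to unpack into a non-empty working directory, plus a general path-confinement check and link rejection that are this example's own assumptions rather than part of the published fix. The archive contents and the victim file are constructed sample input.

```python
import io
import os
import tarfile
import tempfile


class UnpackError(Exception):
    """Raised when an archive would escape or clobber the build directory."""


def build_archive(members: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory tar whose member names are
    chosen by the caller (in the vulnerable scenario, by the attacker)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def unpack_unsafe(archive: bytes, dest: str) -> list[str]:
    """The vulnerable pattern: member names are joined to dest without any
    validation, so '../../victim.sh' resolves outside dest and overwrites
    whatever already lives at that path."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            target = os.path.join(dest, member.name)  # no validation at all
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(tar.extractfile(member).read())
            written.append(os.path.realpath(target))
    return written


def working_dir_is_clean(dest: str) -> bool:
    """The check the 3.7.1 fix adds: only unpack into an empty directory,
    so there is nothing on disk for a crafted path to overwrite."""
    return os.path.isdir(dest) and not os.listdir(dest)


def confined_path(dest: str, member_name: str) -> str:
    """Resolve member_name under dest and refuse anything that escapes,
    including '..' segments and absolute names (os.path.join discards dest
    when the member name is absolute). This confinement check is a general
    traversal defence assumed by this example, not a claim about GitHub's fix."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member_name))
    if os.path.commonpath([root, target]) != root:
        raise UnpackError(f"member {member_name!r} escapes {root}")
    return target


def unpack_hardened(archive: bytes, dest: str) -> list[str]:
    """Clean-directory check, then validate every member before writing any,
    so a bad entry late in the archive cannot leave a half-unpacked tree."""
    if not working_dir_is_clean(dest):
        raise UnpackError(f"working directory {dest!r} is not clean")
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        planned = []
        for member in tar.getmembers():
            if member.issym() or member.islnk():
                # a link inside dest could redirect a later write outside it
                raise UnpackError(f"link member {member.name!r} rejected")
            if member.isfile():
                planned.append((member, confined_path(dest, member.name)))
        for member, target in planned:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(tar.extractfile(member).read())
            written.append(target)
    return written


def demo() -> dict[str, object]:
    """Run both unpackers against a constructed attacker archive and report
    what happened to a file sitting two levels above the build directory."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim.sh")  # constructed target file
        with open(victim, "w") as f:
            f.write("echo original\n")
        site_a = os.path.join(tmp, "build", "site_a")  # unsafe run
        site_b = os.path.join(tmp, "build", "site_b")  # hardened run
        os.makedirs(site_a)
        os.makedirs(site_b)

        evil = build_archive({
            "index.html": b"<h1>hello</h1>",
            "../../victim.sh": b"echo owned\n",  # escapes build/site_*/
        })
        benign = build_archive({"index.html": b"<h1>hello</h1>"})

        unpack_unsafe(evil, site_a)
        with open(victim) as f:
            victim_after_unsafe = f.read()

        try:
            unpack_hardened(evil, site_b)
            evil_rejected = False
        except UnpackError:
            evil_rejected = True
        evil_wrote_nothing = not os.listdir(site_b)

        benign_written = len(unpack_hardened(benign, site_b))
        try:
            unpack_hardened(benign, site_b)  # directory is no longer clean
            rerun_refused = False
        except UnpackError:
            rerun_refused = True

        return {
            "victim_after_unsafe": victim_after_unsafe,
            "evil_rejected": evil_rejected,
            "evil_wrote_nothing": evil_wrote_nothing,
            "benign_written": benign_written,
            "rerun_refused": rerun_refused,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The clean-directory check alone removes the overwrite (nothing exists to be clobbered), but on its own it still lets a crafted name create a new file outside the build directory; the confinement check closes that, which is why the hardened routine applies both and validates the whole archive before the first write.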

Added: Mar 12, 2026, 12:43 PM
Updated: Mar 12, 2026, 12:43 PM