GitHub Enterprise Server Cross-Site Scripting Vulnerability in Filter Component

Vulnerability

A cross-site scripting vulnerability has been identified in GitHub Enterprise Server, in the Filter component used for search. HTML injected into the name of a repository entity is rendered by the component instead of being escaped, so embedded markup and script run in the browser of any user who views the affected filter or search view, which can be used to exfiltrate sensitive information. The vulnerability affects versions of GitHub Enterprise Server prior to 3.20 that are older than the patched releases listed under Remediation. To exploit it, an attacker must have permissions to create or modify the names of milestones, issues, pull requests, or similar entities that are rendered in the affected filter or search components; the injected content then fires for other users who view those entities.

Impact

Exploitation of this vulnerability allows stored cross-site scripting: HTML and script injected into an entity name run in the context of the browser of any user who views the affected filter or search component, with that user's session and permissions.

Reproduction

To reproduce this vulnerability, an attacker creates or modifies a milestone, issue, or pull request so that its name contains HTML; a string with a tag carrying an event handler is the usual probe. Once the content is saved, any page on which the Filter component renders that name will, on an unpatched version, emit the markup unescaped and run any embedded script or handler. On a patched release the same name should be displayed literally, with its angle brackets visible as text.
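The following is an added illustration of the rendering defect the advisory describes; it is not GitHub's code and the function names, the template markup and the sample milestone names are all constructed for the example. It contrasts a renderer that interpolates an entity name straight into filter-item markup with one that escapes every untrusted interpolation point, and includes a crude check that flags tags which did not come from the template.

```javascript
// Added example (not GitHub Enterprise Server code): the stored-XSS pattern
// behind the advisory, where a user-chosen entity name is dropped into
// filter/search markup as raw HTML. All names and markup here are constructed.

// Hypothetical vulnerable renderer: the name lands in both a text node and an
// attribute value without any encoding.
function renderFilterItemUnsafe(name) {
  return `<li class="filter-item" data-name="${name}">${name}</li>`;
}

// Minimal HTML escaping that is safe for both text and double-quoted
// attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: the same template, with every untrusted value escaped.
function renderFilterItemSafe(name) {
  const safe = escapeHtml(name);
  return `<li class="filter-item" data-name="${safe}">${safe}</li>`;
}

// Crude check used by this example only: the template contributes exactly one
// <li ...> and one </li>, so any other tag in the output was injected.
function hasInjectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => !/^<\/?li\b/.test(t));
}

// Constructed sample names: a benign milestone, a text-context probe and an
// attribute-breakout probe. Returns, per name, whether each renderer leaks
// injected markup.
function demo() {
  const names = [
    'v1.0 release',
    '<img src=x onerror=alert(1)>',
    '"><script>alert(1)</script>',
  ];
  return names.map((name) => ({
    name,
    unsafeLeaks: hasInjectedMarkup(renderFilterItemUnsafe(name)),
    safeLeaks: hasInjectedMarkup(renderFilterItemSafe(name)),
  }));
}

console.log(demo());
```

The practical lesson is the one the patched releases apply: treat entity names as text at every sink (text node and attribute alike), rather than trying to filter individual payloads, since the attribute-breakout probe above passes a check that only looks for angle brackets in the text position.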

Remediation

Upgrade to the patched release for the version line in use: GitHub Enterprise Server 3.19.1, 3.18.2, 3.17.8, 3.16.11, 3.15.15, or 3.14.20. Until the upgrade is applied, it is worth reviewing recently created or renamed milestones, issues and pull requests for names that contain markup, since such content persists and fires on every view.

Added: Jan 6, 2026, 9:23 PM
Updated: Jan 6, 2026, 9:23 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 2.3
exploitability: 5.3
remediation: 7.7
relevance: 1.8
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.