GitHub Enterprise Server is the on-premises version of GitHub Enterprise. It shares a codebase with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies. GitHub Enterprise Server adds a number of features for enterprise infrastructures, including additional authentication backends and clustering options.
You can request a trial of GitHub Enterprise Server for security testing at https://enterprise.github.com/bounty. Code de-obfuscation may be explored to further investigate GitHub Enterprise Server but only for the purpose of the bounty program.
https://enterprise.github.com/login is a separate management portal for GitHub Enterprise Server customers and is not in scope at this time.
Vulnerabilities that are only present in GitHub Enterprise Server when subdomain isolation is disabled are out of scope. GitHub recommends that all GitHub Enterprise Server installations have subdomain isolation enabled, so that user-supplied content (raw files, avatars, uploads, Pages) is served from a separate origin rather than from the application's own hostname.
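The practical question for a tester is whether a given instance actually has subdomain isolation on before reporting anything that depends on it. The following check is an added example and is not code from this page or from GitHub: it takes resource URLs harvested from the rendered application (here a constructed sample list, not live traffic) and reports whether user-content resources are served from isolated subdomains or from the application origin. The subdomain and path names are taken from the GitHub Enterprise Server subdomain isolation documentation; treat the list as an assumption to verify against the version under test.

```python
from urllib.parse import urlparse

# Subdomains GitHub Enterprise Server uses for user-supplied content once
# subdomain isolation is enabled (per the GHES docs; verify for your version).
ISOLATED_SUBDOMAINS = ("raw", "assets", "avatars", "pages", "uploads", "codeload", "render")

# Same-origin paths those resources fall back to when isolation is disabled.
NON_ISOLATED_PATH_PREFIXES = tuple(f"/{name}/" for name in ISOLATED_SUBDOMAINS)


def classify_resource(url: str, app_host: str) -> str:
    """Classify one resource URL relative to the application hostname.

    Returns 'isolated' for a known user-content subdomain, 'same-origin' for
    user content served under the application host itself, and 'other' for
    anything else (application pages, third-party hosts, unknown subdomains).
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    app_host = app_host.lower()
    if host != app_host and host.endswith("." + app_host):
        label = host[: -len("." + app_host)]
        return "isolated" if label in ISOLATED_SUBDOMAINS else "other"
    if host == app_host and parsed.path.startswith(NON_ISOLATED_PATH_PREFIXES):
        return "same-origin"
    return "other"


def subdomain_isolation_enabled(urls, app_host):
    """Return (enabled, counts).

    Isolation is judged enabled only if no user-content resource is served
    from the application origin and at least one is served from an isolated
    subdomain; a single same-origin hit is enough to flag the instance.
    """
    counts = {"isolated": 0, "same-origin": 0, "other": 0}
    for url in urls:
        counts[classify_resource(url, app_host)] += 1
    enabled = counts["same-origin"] == 0 and counts["isolated"] > 0
    return enabled, counts


# Constructed samples standing in for URLs scraped from the app's HTML.
APP_HOST = "ghe.example.com"
ISOLATED_SAMPLE = [
    "https://assets.ghe.example.com/application.js",
    "https://avatars.ghe.example.com/u/1",
    "https://raw.ghe.example.com/org/repo/main/README.md",
    "https://ghe.example.com/org/repo/blob/main/README.md",
]
NON_ISOLATED_SAMPLE = [
    "https://ghe.example.com/assets/application.js",
    "https://ghe.example.com/avatars/u/1",
    "https://ghe.example.com/raw/org/repo/main/README.md",
    "https://ghe.example.com/org/repo/blob/main/README.md",
]

if __name__ == "__main__":
    for name, sample in (("isolated", ISOLATED_SAMPLE), ("non-isolated", NON_ISOLATED_SAMPLE)):
        enabled, counts = subdomain_isolation_enabled(sample, APP_HOST)
        print(f"{name}: subdomain isolation enabled={enabled} {counts}")
```

A finding that relies on `same-origin` hits here (for example script in a raw file executing in the application's origin) is exactly the class this scope note excludes, so run the check first and include the result in any report.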
Administrative SSH access already allows sudo to be used to escalate to root permissions. Given this existing level of privilege, local escalation of the administrative account to root is not considered in scope.
GitHub Enterprise Server uses code obfuscation to discourage the modification of the application. We are aware of de-obfuscation techniques that could be used to reveal source code or bypass license restrictions.
| # | Points | Researcher | Submission |
|---|--------|------------|------------|
| 1 | 500 | Ioannis Profetis | GitHub Enterprise pre-receive hooks access sensitive localhost services |
| 2 | 10000 | Markus Fenske | GitHub Enterprise management console remote code execution |
| 3 | 7500 | Orange Tsai | GitHub Enterprise remote code execution via SSRF |
| 4 | 5000 | Brian Soby | GitHub Enterprise SAML signature bypass |
| 5 | 5000 | Ioannis Kakavas | GitHub Enterprise SAML signature bypass |