GitHub Enterprise Server

Synopsis

GitHub Enterprise Server is the on-premises version of GitHub Enterprise. GitHub Enterprise Server shares a codebase with GitHub.com, is built on Ruby on Rails and leverages a number of open source technologies. GitHub Enterprise Server adds a number of features for enterprise infrastructures, including additional authentication backends and clustering options.

You can request a trial of GitHub Enterprise Server for security testing at https://enterprise.github.com/bounty. Code de-obfuscation may be explored to further investigate GitHub Enterprise Server but only for the purpose of the bounty program.

Focus areas

Out of scope

Ineligible submissions

Vulnerabilities caused by lack of subdomain isolation

Vulnerabilities that are present in GitHub Enterprise Server only when subdomain isolation is disabled. GitHub recommends that all GitHub Enterprise Server installations have subdomain isolation enabled.

Escalation to the root user via sudo

Administrative SSH access includes sudo, which can be used to escalate to root permissions. Given this existing level of privilege, local escalation from the administrative account to root is not considered in scope.

Bypassing source code de-obfuscation

GitHub Enterprise Server uses code obfuscation to discourage the modification of the application. We are aware of de-obfuscation techniques that could be used to reveal source code or bypass license restrictions.


Recently collected GitHub Enterprise Server bounties:

Rank  Handle        Points  Researcher        Report
1     Psychotropos  500     Ioannis Profetis  GitHub Enterprise pre-receive hooks access sensitive localhost services
2     iblue         10000   Markus Fenske     GitHub Enterprise management console remote code execution
3     orangetw      7500    Orange Tsai       GitHub Enterprise remote code execution via SSRF
4     soby          5000    Brian Soby        GitHub Enterprise SAML signature bypass
5     jkakavas      5000    Ioannis Kakavas   GitHub Enterprise SAML signature bypass