Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories
Vulnerability Description
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
GitHub Enterprise Server 安全漏洞
Vulnerability Description
GitHub是一套面向开源及私有软件项目的托管平台。 GitHub Enterprise Server 存在安全漏洞,该漏洞允许实例的经过身份验证的用户通过特别设计的pull请求和REST API请求获得对未授权存储库的写访问权。以下产品及版本:GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1。
CVSS Information
N/A
Vulnerability Type
N/A