Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Privilege Management allows for arbitrary workflows to be run
Vulnerability Description
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
特权管理不恰当
Vulnerability Title
GitHub Enterprise Server 安全漏洞
Vulnerability Description
GitHub Enterprise Server是美国GitHub开源的一个应用软件。提供一个将自己的GitHub实例设置为虚拟设备,从而提供可扩展,易于管理的平台。 GitHub Enterprise Server 3.8.12之前、3.9.7之前、3.10.4之前和 3.11.1之前版本存在安全漏洞,该漏洞源于不正确的权限管理允许使用范围不正确的 PAT 提交和运行任意工作流。
CVSS Information
N/A
Vulnerability Type
N/A