Description
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
References
- Issue Tracking
- Third Party Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 20120304 (excluding)
cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*
EPSS: 0.01066 (Low)
Percentile: 77%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-913
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.