CVE-2020-10516

Опубликовано: 03 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.

Ссылки

https://enterprise.github.com/releases/2.18.20/notes
Release Notes
Third Party Advisory
https://enterprise.github.com/releases/2.19.15/notes
Release Notes
Third Party Advisory
https://enterprise.github.com/releases/2.20.9/notes
Release Notes
Third Party Advisory
https://enterprise.github.com/releases/2.18.20/notes
Release Notes
Third Party Advisory
https://enterprise.github.com/releases/2.19.15/notes
Release Notes
Third Party Advisory
https://enterprise.github.com/releases/2.20.9/notes
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*

Версия от 2.18.0 (включая) до 2.18.20 (исключая)

cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*

Версия от 2.19.0 (включая) до 2.19.15 (исключая)

cpe:2.3:a:github:github:*:*:*:*:enterprise:*:*:*

Версия от 2.20.0 (включая) до 2.20.9 (исключая)

EPSS

Процентиль: 59%

0.0038

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-285

CWE-552

Связанные уязвимости

GHSA-f436-2f67-fg74

github

больше 3 лет назад

EPSS

Процентиль: 59%

0.0038

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-285

CWE-552