Описание
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Ссылки
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия от 3.7.0 (включая) до 3.7.19 (исключая)Версия от 3.8.0 (включая) до 3.8.12 (исключая)Версия от 3.9.0 (включая) до 3.9.7 (исключая)Версия от 3.10.0 (включая) до 3.10.4 (исключая)
Одно из
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00147
Низкий
6.3 Medium
CVSS3
7 High
CVSS3
Дефекты
CWE-367
CWE-367
Связанные уязвимости
CVSS3: 6.3
github
около 2 лет назад
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
EPSS
Процентиль: 35%
0.00147
Низкий
6.3 Medium
CVSS3
7 High
CVSS3
Дефекты
CWE-367
CWE-367