Описание
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Ссылки
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия от 3.8.0 (включая) до 3.8.12 (исключая)Версия от 3.9.0 (включая) до 3.9.7 (исключая)Версия от 3.10.0 (включая) до 3.10.4 (исключая)
Одно из
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00088
Низкий
3.9 Low
CVSS3
2 Low
CVSS3
Дефекты
CWE-367
CWE-367
Связанные уязвимости
CVSS3: 3.9
github
около 2 лет назад
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
EPSS
Процентиль: 25%
0.00088
Низкий
3.9 Low
CVSS3
2 Low
CVSS3
Дефекты
CWE-367
CWE-367