PT-2026-24363 · GitHub · GitHub Enterprise Server
Ahacker1 · Published 2026-03-10 · Updated 2026-03-25 · CVE-2026-3306
CVSS v4.0: 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions 3.14.24 through 3.19.3
Description
An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull request metadata through the project. Column value updates were applied without verifying the actor's repository write permissions when adding an item to an existing project. This issue was reported through the GitHub Bug Bounty program.
Recommendations
Update to GitHub Enterprise Server version 3.14.24.
Update to GitHub Enterprise Server version 3.15.19.
Update to GitHub Enterprise Server version 3.16.15.
Update to GitHub Enterprise Server version 3.17.12.
Update to GitHub Enterprise Server version 3.18.6.
Update to GitHub Enterprise Server version 3.19.3.
Fix
IDOR
Weakness Enumeration
Related identifiers
Affected products
GitHub Enterprise Server