GitHub · GitHub Enterprise Server · CVE-2024-3470
**Name of the Vulnerable Software and Affected Versions**
GitHub Enterprise Server versions 3.11 through 3.12
**Description**
An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would need access to a valid deploy key for a repository in the organization and repository administrator access. This issue was reported via the GitHub Bug Bounty program.
**Recommendations**
For GitHub Enterprise Server versions 3.11 through 3.11.7, update to version 3.11.8 to resolve the issue.
For GitHub Enterprise Server versions 3.12 through 3.12.1, update to version 3.12.2 to resolve the issue.