Andrea Valenza

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.14 **Description** A Security Misconfiguration issue in GitHub Enterprise Server allowed unauthorized users to access sensitive information by exploiting the organization ruleset feature. This required an organization member to change the visibility of a dependent repository from private to public. The issue was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.13.1, update to version 3.13.1 or later. For versions prior to 3.12.6, update to version 3.12.6 or later. For versions prior to 3.11.12, update to version 3.11.12 or later. For versions prior to 3.10.14, update to version 3.10.14 or later. For versions prior to 3.9.17, update to version 3.9.17 or later.