GitHub · GitHub Enterprise Server · CVE-2021-22865
**Name of the Vulnerable Software and Affected Versions**
GitHub Enterprise Server versions prior to 3.0.4
GitHub Enterprise Server versions prior to 2.22.10
GitHub Enterprise Server versions prior to 2.21.18
**Description**
An improper access control issue was identified that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this, an attacker would need to create a GitHub App and have a user authorize it; the private repository metadata returned is limited to repositories owned by the user the token identifies.
**Recommendations**
For versions prior to 3.0.4, update to version 3.0.4 or later.
For versions prior to 2.22.10, update to version 2.22.10 or later.
For versions prior to 2.21.18, update to version 2.21.18 or later.
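As an added example (not part of the advisory), the following script checks a GitHub Enterprise Server version string against the affected release lines and fixed versions listed above and reports whether an upgrade is needed. It assumes the version is supplied as a "MAJOR.MINOR.PATCH" string obtained from the instance; the handling of release lines the advisory does not list is an assumption noted in the code.

```python
# Added example: classify a GitHub Enterprise Server version against the
# affected ranges and fixed versions stated in this advisory (CVE-2021-22865).
# Assumption: the version string is "MAJOR.MINOR.PATCH" (optional leading "v").
from typing import Optional, Tuple

# Fixed version per release line, exactly as stated in the advisory.
FIXED_BY_LINE = {
    (3, 0): (3, 0, 4),
    (2, 22): (2, 22, 10),
    (2, 21): (2, 21, 18),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version_text: str) -> Tuple[str, Optional[str]]:
    """Return (status, recommended_version).

    'fixed'       - on a listed release line, at or above its fixed version
    'vulnerable'  - on a listed release line, below its fixed version
    'not_listed'  - on an older line the advisory names no fix for; the
                    oldest listed fixed version is returned as the assumed
                    minimum upgrade target (assumption, not from the advisory)
    'newer'       - on a line newer than every line the advisory lists
    """
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_BY_LINE.get((major, minor))
    if fixed is not None:
        if (major, minor, patch) >= fixed:
            return "fixed", None
        return "vulnerable", ".".join(map(str, fixed))
    if (major, minor) > max(FIXED_BY_LINE):
        return "newer", None
    oldest_fix = FIXED_BY_LINE[min(FIXED_BY_LINE)]
    return "not_listed", ".".join(map(str, oldest_fix))


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real instance.
    for sample in ("3.0.3", "3.0.4", "2.22.9", "2.21.18", "2.20.5", "3.1.0"):
        print(sample, "->", assess(sample))
```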