Vaibhav Singh

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.14 GitHub Enterprise Server version 3.13.3 GitHub Enterprise Server version 3.12.8 GitHub Enterprise Server version 3.11.14 GitHub Enterprise Server version 3.10.16 **Description** An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing a GitHub App with limited permissions to read issue content inside a private repository. This was only exploitable via user access token, and installation access token was not impacted. The issue was reported via the GitHub Bug Bounty program and has been exploited in real-world attacks. **Recommendations** For GitHub Enterprise Server versions prior to 3.14, update to version 3.13.3, 3.12.8, 3.11.14, or 3.10.16 to resolve the issue. As a temporary workaround, consider restricting access to private repositories for GitHub Apps with content: read and pull request write: write permissions until the update is applied. Avoid using user access tokens for GitHub Apps with limited permissions in private repositories until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.7 GitHub Enterprise Server versions 3.3 through 3.3.15 GitHub Enterprise Server versions 3.4 through 3.4.10 GitHub Enterprise Server versions 3.5 through 3.5.7 GitHub Enterprise Server versions 3.6 through 3.6.3 **Description** An incorrect authorization issue was identified in GitHub Enterprise Server, allowing a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions 3.3 through 3.3.15, update to version 3.3.16. For GitHub Enterprise Server versions 3.4 through 3.4.10, update to version 3.4.11. For GitHub Enterprise Server versions 3.5 through 3.5.7, update to version 3.5.8. For GitHub Enterprise Server versions 3.6 through 3.6.3, update to version 3.6.4. As a temporary workaround, consider restricting access to the Create or Update file contents API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.3.17 GitHub Enterprise Server versions prior to 3.4.12 GitHub Enterprise Server versions prior to 3.5.9 GitHub Enterprise Server versions prior to 3.6.5 **Description** An incorrect authorization issue was identified in GitHub Enterprise Server, allowing a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.3.17, update to version 3.3.17 or later. For versions prior to 3.4.12, update to version 3.4.12 or later. For versions prior to 3.5.9, update to version 3.5.9 or later. For versions prior to 3.6.5, update to version 3.6.5 or later.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.3 **Description** A UI misrepresentation issue was identified that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this, an attacker would need to create a GitHub App and have a user authorize it through the web authentication flow. The issue occurred when a user updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, leading to more permissions being granted than the user potentially intended. **Recommendations** For versions prior to 3.2.5, update to version 3.2.5 or later. For versions prior to 3.1.13, update to version 3.1.13 or later. For versions prior to 3.0.21, update to version 3.0.21 or later. As a temporary workaround, consider restricting the use of GitHub Apps that configure additional user-level permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 2.22.x prior to 2.22.13 GitHub Enterprise Server versions 3.0.x prior to 3.0.7 **Description** A UI misrepresentation issue was identified that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user. To exploit this, an attacker would need to create a GitHub App and have a user authorize it. During the initial authorization, all permissions are properly shown, but if the user revisits the authorization flow after the GitHub App configures additional user-level permissions, those extra permissions may not be displayed, leading to more permissions being granted than intended. **Recommendations** For GitHub Enterprise Server versions 2.22.x prior to 2.22.13, update to version 2.22.13 to resolve the issue. For GitHub Enterprise Server versions 3.0.x prior to 3.0.7, update to version 3.0.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 12.10.13 **Description** An issue has been discovered that allowed a project member with limited permissions to view the project security dashboard. **Recommendations** For versions prior to 12.10.13, update to version 12.10.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 2.21 **Description** An improper access control issue was identified in the GitHub Enterprise Server API, allowing an organization member to escalate permissions and gain access to unauthorized repositories within an organization. **Recommendations** For versions prior to 2.21, update to version 2.20.9, 2.19.15, or 2.18.20 to resolve the issue.