CVE-2012-2055

Name of the Vulnerable Software and Affected Versions GitHub Enterprise versions prior to 20120304

Description The issue allows remote attackers to set the public key[user id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. This occurs because the software does not properly restrict the use of a hash to provide values for a model's attributes.

Recommendations For GitHub Enterprise versions prior to 20120304, update to a version 20120304 or later to resolve the issue. As a temporary workaround, consider restricting access to the public-key update form to minimize the risk of exploitation. Avoid using the public key[user id] value in the affected form until the issue is resolved.