PT-2020-12186 · GitHub · GitHub Enterprise Server

Vaibhav Singh · Published 2020-06-03 · Updated 2020-06-05 · CVE-2020-10516

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GitHub Enterprise Server versions prior to 2.21

Description

An improper access control issue was identified in the GitHub Enterprise Server API, allowing an organization member to escalate permissions and gain access to unauthorized repositories within an organization.

Recommendations

For versions prior to 2.21, update to version 2.20.9, 2.19.15, or 2.18.20 to resolve the issue.

Fix

Improper Authorization

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2020-10516

Affected Products

GitHub Enterprise Server