PT-2026-24363 · GitHub · GitHub Enterprise Server
Ahacker1 · Published 2026-03-10 · Updated 2026-03-25 · CVE-2026-3306
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions 3.14.24 through 3.19.3
Description
An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull request metadata through the project. Column value updates were applied without verifying the actor's repository write permissions when adding an item to an existing project. This issue was reported through the GitHub Bug Bounty program.
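The missing check described above, as an added example that is not GitHub's code: a constructed permission model in which adding an item to a project also applies column values. The class names, the `ISSUE_BACKED` column set and the `check_repo_write` switch are all assumptions made for illustration; passing `check_repo_write=False` reproduces the flawed behaviour, and the default is the corrected one.

```python
from dataclasses import dataclass, field

# Constructed model for illustration; no name here comes from GitHub's code.
READ, WRITE = 1, 2

# Assumption: columns whose values are stored on the issue or pull request
# itself, as opposed to columns stored only on the project item.
ISSUE_BACKED = {"labels", "assignees", "milestone"}

class Forbidden(Exception):
    pass

@dataclass
class Actor:
    login: str
    repo_perms: dict      # repository name -> READ or WRITE
    project_perms: dict   # project name -> READ or WRITE

@dataclass
class Issue:
    repo: str
    metadata: dict = field(default_factory=dict)

def add_item(actor, project, issue, column_values, check_repo_write=True):
    """Add an issue to a project and apply the initial column values."""
    if actor.project_perms.get(project, 0) < WRITE:
        raise Forbidden("project write access required")
    repo_level = actor.repo_perms.get(issue.repo, 0)
    if repo_level < READ:
        raise Forbidden("repository read access required")

    issue_writes = {c: v for c, v in column_values.items() if c in ISSUE_BACKED}
    item_fields = {c: v for c, v in column_values.items() if c not in ISSUE_BACKED}

    # The check the advisory describes as missing: values that land on the
    # issue need repository write access, not only project write access.
    # Deciding before any mutation keeps a denied request from half-applying.
    if check_repo_write and issue_writes and repo_level < WRITE:
        raise Forbidden("repository write access required for: "
                        + ", ".join(sorted(issue_writes)))

    issue.metadata.update(issue_writes)
    return {"issue": issue, "fields": item_fields}
```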
Recommendations
Update to GitHub Enterprise Server version 3.14.24.
Update to GitHub Enterprise Server version 3.15.19.
Update to GitHub Enterprise Server version 3.16.15.
Update to GitHub Enterprise Server version 3.17.12.
Update to GitHub Enterprise Server version 3.18.6.
Update to GitHub Enterprise Server version 3.19.3.
Fix
IDOR
Affected Products
GitHub Enterprise Server