GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NGitHub
APPGithub< 20120304
Powiązane podatności
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an or...
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthe...
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allow...
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when ...
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when ...