HIGH🇬🇧 English

CVE-2012-2055

CVSS 7.5v3.1pub. 2012-04-05upd. 2026-04-29

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • GitHub

    APP
    Github
    < 20120304
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-10516CRITICAL9.8ten sam produkt

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an or...

CVE-2017-18365CRITICAL9.8ten sam produkt

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthe...

CVE-2021-22863HIGH8.1ten sam produkt

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allow...

CVE-2020-10519HIGH8.8ten sam produkt

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when ...

CVE-2020-10518HIGH8.8ten sam produkt

A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when ...

CVE-2012-2055 — HIGH 7.5 | CVEbaza.pl