← Back

CVE-2020-10516

nvd nist
Published: Jun 3, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.

Affected (3)

Products: Github: Github
Github
1 product
Github
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Github
Github
From 2.18.0 to 2.18.20
Github
From 2.19.0 to 2.19.15
Github
From 2.20.0 to 2.20.9

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (6)

Source: product-cna@github.com
Release NotesThird Party Advisory
Source: product-cna@github.com
Release NotesThird Party Advisory
Source: product-cna@github.com
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory

Timeline

No history available yet.