Persistent Unauthorized Administrative Access on All Organization Repositories via RC in User Conversion to Organization
Medium
G
GitHub
Submitted None
Team Summary
Official summary from GitHub
A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Actions:
Reported by
inspector-ambitious
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic