First published: Wed Jun 03 2020(Updated: )
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
Credit: product-cna@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitHub GitHub | >=2.18.0<2.18.20 | |
GitHub GitHub | >=2.19.0<2.19.15 | |
GitHub GitHub | >=2.20.0<2.20.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-10516.
The severity of CVE-2020-10516 is critical, with a CVSS score of 9.8.
All versions of GitHub Enterprise Server prior to 2.18.20, 2.19.15, and 2.20.9 are affected by CVE-2020-10516.
CVE-2020-10516 allows an organization member to escalate permissions and gain access to unauthorized repositories within an organization.
You can find more information about CVE-2020-10516 in the release notes of GitHub Enterprise Server versions 2.18.20, 2.19.15, and 2.20.9.