CVE-2020-10516

Summary

An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.

Affected Software

VendorProductVersion RangeStatus
GitHubGitHub Enterprise Server2.20 < 2.20.9affected
GitHubGitHub Enterprise Server2.19 < 2.19.15affected
GitHubGitHub Enterprise Server2.18 < 2.18.20affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References