A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-12-21T20:45:19.285Z
Updated: 2024-08-02T08:35:14.855Z
Reserved: 2023-12-11T17:06:22.719Z
Link: CVE-2023-6690
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-21T21:15:14.053
Modified: 2024-11-21T08:44:22.093
Link: CVE-2023-6690
Redhat
No data.