A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-12-21T20:45:19.285Z

Updated: 2024-08-02T08:35:14.855Z

Reserved: 2023-12-11T17:06:22.719Z

Link: CVE-2023-6690

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-21T21:15:14.053

Modified: 2024-11-21T08:44:22.093

Link: CVE-2023-6690

cve-icon Redhat

No data.