Lucene search

[email protected]CVE-2012-2055

HistoryApr 05, 2012 - 2:55 p.m.

CVE-2012-2055

2012-04-0514:55:06

CWE-913

[email protected]

web.nvd.nist.gov

github

enterprise

cve-2012-2055

mass assignment

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a “mass assignment” vulnerability.

Affected configurations

NVD

Node

githubgithubRange<20120304enterprise

CPENameOperatorVersion
github:githubgithublt20120304

CPE	Name	Operator	Version
github:github	github	lt	20120304

References

homakov.blogspot.com/2012/03/how-to.html

lwn.net/Articles/488702/

exchange.xforce.ibmcloud.com/vulnerabilities/74812

github.com/blog/1068-public-key-security-vulnerability-and-mitigation

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2012-2055

prion1 cvelist1 nvd1