Security feature bypass

2012-04-0514:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a “mass assignment” vulnerability.

CPENameOperatorVersion
githublt20120304

CPE	Name	Operator	Version
	github	lt	20120304

References

lwn.net/Articles/488702/

exchange.xforce.ibmcloud.com/vulnerabilities/74812

github.com/blog/1068-public-key-security-vulnerability-and-mitigation

homakov.blogspot.com/2012/03/how-to.html