Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-22862
HistoryMar 03, 2021 - 4:15 a.m.

Improper access control

2021-03-0304:15:00
PRIOn knowledge base
www.prio-n.com
6

0.001 Low

EPSS

Percentile

28.4%

JSON

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.

CPENameOperatorVersion
githubeq3.0.0 rc1
githubeq3.0.0 rc2
githubeq3.0.0

Related

nvd 1
cve 1
cvelist 1
nvd
nvd
CVE-2021-22862
2021-03-03 04:15:13
cve
cve
CVE-2021-22862
2021-03-03 04:15:13
cvelist
cvelist
CVE-2021-22862 Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks
2021-03-03 03:25:22

0.001 Low

EPSS

Percentile

28.4%

JSON
Related for PRION:CVE-2021-22862
nvd1cve1cvelist1