2 matches found
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...
CVE-2021-22862
GitHub Enterprise Server 3.0.0, 3.0.0.rc2, and 3.0.0.rc1 are affected by an improper access control vulnerability that lets an authenticated user who can fork a repository disclose Actions secrets from the parent repository. The root cause is a flaw that allows the base reference of a PR to be up...