CVE-2021-22869 Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group
An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...