5 matches found
CVE-2025-68270
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...
Pushing Boundaries With Claude Code
Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved, what Andrej Karpathy has called "The Autonomy Slider" from around a three to a solid eight. What this means is that you can give Claude Code direction, it will come up with a plan to...
CVE-2022-23739
An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...
Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust
Challenges with an enforcement-based approach An enforcement-based approach to security begins with a security policy backed by security controls, often heavy-handed and designed to prevent employees from engaging in risky behavior or inadvertently expanding the potential attack surface of an...
GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api
An incorrect authorization vulnerability was found in GitHub Enterprise Server that allowed GitHub Apps to gain access to and modify most organization-level resources that are not tied to a repository, regardless of granted permissions. This vulnerability affected all versions of GitHub Enterpris...