GitHub: Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api
An incorrect authorization vulnerability was found in GitHub Enterprise Server that allowed GitHub Apps to gain access to and modify most organization-level resources that are not tied to a repository, regardless of granted permissions. This vulnerability affected all versions of GitHub Enterpris...