A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
github enterprise server |
||
github enterprise server 3.11.0 |