Race Condition Vulnerability in GitHub Enterprise Server Allows Admin to Maintain Permissions on Transferred Repositories

Race Condition Vulnerability in GitHub Enterprise Server Allows Admin to Maintain Permissions on Transferred Repositories

CVE-2023-6690 · LOW Severity

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Learn more about our Cis Benchmark Audit For Server Software.