[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115228

 
 

909

 
 

90122

 
 

140

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2012-2055Date: (C)2012-04-05   (M)2018-02-19


GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
github-hash-security-bypass(74812)
http://homakov.blogspot.com/2012/03/how-to.html
http://lwn.net/Articles/488702/
https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation

CWE    1
CWE-255

© SecPod Technologies