CVE-2020-10516
CRITICALGitHub Enterprise Server <2.21 - Privilege Escalation
Title source: llmDescription
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program.
References (3)
Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://enterprise.github.com/releases/2.20.9/notes
Release Notes, Third Party Advisory x_refsource_misc
https://enterprise.github.com/releases/2.19.15/notes
Release Notes, Third Party Advisory x_refsource_misc
https://enterprise.github.com/releases/2.18.20/notes
Scores
CVSS v3
9.8
EPSS
0.0159
EPSS Percentile
72.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-552
CWE-285
Status
published
Products (1)
github/github
2.18.0 - 2.18.20
Published
Jun 03, 2020
Tracked Since
Feb 18, 2026