QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2055

Published: Apr 4, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://homakov.blogspot.com/2012/03/how-to.html

x_refsource_MISC

http://lwn.net/Articles/488702/

x_refsource_MISC

https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation

x_refsource_CONFIRM

github-hash-security-bypass(74812)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.