A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_server | Github | 3.7.0 (including) | 3.7.19 (excluding) |
| Enterprise_server | Github | 3.8.0 (including) | 3.8.12 (excluding) |
| Enterprise_server | Github | 3.9.0 (including) | 3.9.7 (excluding) |
| Enterprise_server | Github | 3.10.0 (including) | 3.10.4 (excluding) |
| Enterprise_server | Github | 3.11.0 (including) | 3.11.0 (including) |