CVE-2012-2055 - Improper Control of Dynamically-Managed Code Resources vulnerability in GitHub
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://homakov.blogspot.com/2012/03/how-to.html
- http://lwn.net/Articles/488702/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74812
- https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation