GitHub Enterprise Server Authorization Bypass Vulnerability in Secret Scanning Push Protection

Vulnerability

A vulnerability allowing authorization bypass in GitHub Enterprise Server was identified. This issue enabled an attacker with admin access on one repository to manipulate the secret scanning push protection bypass reviewer list of another repository. The vulnerability arose from improper authorization checks, allowing actions to be applied to a different repository than intended. This issue affected all versions of GitHub Enterprise Server prior to 3.21.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of secret scanning push protection settings, allowing the assignment of bypass reviewers inappropriately.

Reproduction

To reproduce this vulnerability, an attacker with admin access on a repository can send a request to the bypass reviewers endpoint of a different repository, including a manipulated owner_id parameter. This will bypass the authorization check and apply the changes to the unintended repository.
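The bug class the reproduction describes, modelled as an added Ruby example (this is not GitHub's code; the handler names, the in-memory data and the exact lookup that goes wrong are constructed assumptions). The vulnerable handler authorizes against the repository in the route but acts on whichever repository the client-supplied owner_id selects; the hardened handler resolves the repository once from the route, authorizes on that object and refuses a mismatching owner_id.

```ruby
# Constructed state: two repositories with distinct owners and admin lists.
def fresh_state
  {
    repos: {
      1 => { owner_id: 100, bypass_reviewers: [] },
      2 => { owner_id: 200, bypass_reviewers: [] },
    },
    admins: { 1 => [:alice], 2 => [:bob] },
  }
end

def admin?(state, user, repo_id)
  state[:admins].fetch(repo_id, []).include?(user)
end

# Vulnerable pattern (assumed mechanism, not GHES code): the admin check uses
# the route's repository, but the repository that is modified is looked up
# from the client-controlled owner_id in the request body.
def set_reviewers_vulnerable(state, user, route_repo_id, params)
  return :forbidden unless admin?(state, user, route_repo_id)
  target_id, target = state[:repos].find { |_, r| r[:owner_id] == params[:owner_id] }
  return :not_found unless target
  target[:bypass_reviewers] = params[:reviewers]
  target_id
end

# Hardened pattern: resolve the repository from the route exactly once,
# authorize on that object, and reject any owner_id that disagrees with it.
def set_reviewers_fixed(state, user, route_repo_id, params)
  repo = state[:repos][route_repo_id]
  return :not_found unless repo
  return :forbidden unless admin?(state, user, route_repo_id)
  if params.key?(:owner_id) && params[:owner_id] != repo[:owner_id]
    return :forbidden
  end
  repo[:bypass_reviewers] = params[:reviewers]
  route_repo_id
end
```

Returning the id of the repository actually changed makes the cross-repository write visible in logs and tests: any call where the returned id differs from the route id is the bug.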

Remediation

Users can upgrade to GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7, 3.19.4 or 3.20.1.

Added: Apr 22, 2026, 12:14 AM
Updated: Apr 22, 2026, 12:14 AM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 0.6
exploitability: 5.1
remediation: 8.3
relevance: 6.4
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.