GitHub Enterprise Server Incorrect Authorization Vulnerability in Search API

Vulnerability

A vulnerability allowing incorrect authorization was identified in GitHub Enterprise Server. This issue permitted authenticated users with classic personal access tokens (PATs) that lacked the repo scope to access issues and commits from private and internal repositories through the search REST API endpoints. To exploit this vulnerability, users must have had existing access to the targeted repository via organization membership or collaboration. This vulnerability affects all versions of GitHub Enterprise Server prior to 3.20.
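The following is an added example, not code from GitHub or from this advisory. It models the authorization gap described above: a search filter that checks only whether the user can reach the repository (the pre-fix behaviour as the advisory describes it) beside one that also requires the repo scope on the classic token before non-public results are returned. The class names, the sample repositories and tokens, and the over_exposed() regression check are all constructed for illustration.

```python
# Added example (not GitHub's code): a constructed model of the authorization check
# the advisory describes. Names, sample data and scope handling are assumptions.
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Repository:
    name: str
    visibility: str                 # "public", "internal" or "private"
    members: FrozenSet[str]         # users with access via org membership or collaboration


@dataclass(frozen=True)
class ClassicToken:
    user: str                       # the authenticated user the PAT belongs to
    scopes: FrozenSet[str]          # classic PAT scopes, e.g. {"repo"} or {"read:user"}


def user_has_repo_access(repo: Repository, user: str) -> bool:
    """Membership/collaboration check; public repositories are visible to everyone."""
    return repo.visibility == "public" or user in repo.members


def search_vulnerable(token: ClassicToken, repos: List[Repository]) -> List[str]:
    """Pre-fix behaviour as the advisory describes it: results are filtered only by
    the user's repository access, so a PAT without the repo scope still receives
    issues/commits from private and internal repositories the user belongs to."""
    return [r.name for r in repos if user_has_repo_access(r, token.user)]


def token_may_read(token: ClassicToken, repo: Repository) -> bool:
    """Hardened check: non-public repositories require both the user relationship
    and the repo scope on the token itself."""
    if repo.visibility == "public":
        return True
    return user_has_repo_access(repo, token.user) and "repo" in token.scopes


def search_fixed(token: ClassicToken, repos: List[Repository]) -> List[str]:
    """Search filter with the token-scope check applied per result."""
    return [r.name for r in repos if token_may_read(token, r)]


def over_exposed(token: ClassicToken, repos: List[Repository]) -> List[str]:
    """Repositories the vulnerable filter returns but the fixed filter does not:
    a regression check to run against a token/scope fixture after patching."""
    return sorted(set(search_vulnerable(token, repos)) - set(search_fixed(token, repos)))


# Constructed sample data (not taken from the advisory)
REPOS = [
    Repository("docs", "public", frozenset()),
    Repository("intranet", "internal", frozenset({"alice"})),
    Repository("payroll", "private", frozenset({"alice"})),
]
ALICE_NO_REPO_SCOPE = ClassicToken("alice", frozenset({"read:user"}))
ALICE_REPO_SCOPE = ClassicToken("alice", frozenset({"repo"}))
BOB_REPO_SCOPE = ClassicToken("bob", frozenset({"repo"}))   # not a member anywhere

if __name__ == "__main__":
    print("vulnerable, no repo scope:", search_vulnerable(ALICE_NO_REPO_SCOPE, REPOS))
    print("fixed, no repo scope:     ", search_fixed(ALICE_NO_REPO_SCOPE, REPOS))
    print("over-exposed:             ", over_exposed(ALICE_NO_REPO_SCOPE, REPOS))
```

The over_exposed() helper is the useful part for a defender: with the fixture above, a scope-less token for a member should yield an empty list once the fix is in place, while the user relationship alone (bob holding the repo scope but no membership) still grants nothing beyond public repositories.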

Impact

Exploitation of this vulnerability could lead to unauthorized access to private and internal repository data, including issues and commit information.

Remediation

Users can upgrade to GitHub Enterprise Server versions 3.16.15, 3.17.12, 3.18.6, or 3.19.3 to address this vulnerability.

Added: Mar 10, 2026, 8:22 PM
Updated: Mar 10, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm
  spread          1.9
  impact          0.6
  exploitability  5.2
  remediation     7.7
  relevance       3.7
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.