GitHub Enterprise Server Improper Authorization Vulnerability in Scoped Tokens Allowing Unauthorized Access to Private Repositories

Vulnerability

A vulnerability in GitHub Enterprise Server's handling of scoped user-to-server tokens can lead to unauthorized access to private repositories. This issue arises when a GitHub App installation is revoked or deleted, causing the authorization to incorrectly revert to a global context. As a result, an authenticated attacker can access resources outside the intended scope, potentially including write operations. The vulnerability exploits timing issues in token revocation and SSH push attribution to access private repository contents without the victim's knowledge. This vulnerability affects all versions of GitHub Enterprise Server prior to 3.21.

Impact

Exploitation of this vulnerability allows unauthorized access to private repositories, with the potential to read contents and perform write operations, depending on the accessed resources.

Remediation

Upgrade to one of the fixed releases for your branch: GitHub Enterprise Server 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, or 3.14.26.
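The remediation list above gives one fixed patch level per minor branch, so checking an estate of appliances means comparing each instance's version against the fix for its own branch rather than against a single number. The following helper is an added example written for this page, not code from GitHub or the advisory. It treats 3.21 and later as unaffected (the advisory states all versions prior to 3.21 are affected), compares the patch level for the branches listed above, and, as an assumption, treats any older branch with no listed fix as still affected. The inventory it runs over is constructed sample data.

```python
from typing import Dict, List, Tuple

# Fixed patch level per (major, minor) branch, taken from the Remediation section.
FIXED_VERSIONS: Dict[Tuple[int, int], int] = {
    (3, 20): 1,
    (3, 19): 5,
    (3, 18): 8,
    (3, 17): 14,
    (3, 16): 17,
    (3, 15): 21,
    (3, 14): 26,
}

# First minor branch that the advisory describes as unaffected.
FIRST_UNAFFECTED_BRANCH: Tuple[int, int] = (3, 21)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse a GHES version string such as '3.17.14' into (major, minor, patch)."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_vulnerable(version: str) -> bool:
    """Return True if the given GHES version is affected by this advisory."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return False  # 3.21 and later are described as unaffected
    fixed_patch = FIXED_VERSIONS.get(branch)
    if fixed_patch is None:
        # Assumption: a branch older than 3.14 has no listed fix and is
        # still within "all versions prior to 3.21", so report it as affected.
        return True
    return patch < fixed_patch


def audit(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Classify each (hostname, version) pair as 'affected' or 'fixed'."""
    results = []
    for host, version in sorted(inventory.items()):
        status = "affected" if is_vulnerable(version) else "fixed"
        results.append((host, version, status))
    return results


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ghes-prod.example.internal": "3.17.13",
    "ghes-staging.example.internal": "3.17.14",
    "ghes-legacy.example.internal": "3.13.9",
    "ghes-new.example.internal": "3.21.0",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Convenience wrapper returning only the hostnames that still need an upgrade."""
    return [host for host, _, status in audit(inventory) if status == "affected"]


if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:35} {version:8} {status}")
```

The patch comparison is branch-relative on purpose: 3.17.14 is fixed even though it is numerically "older" than the affected 3.20.0, so a naive comparison against the highest fixed version would misclassify it.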

Added: Apr 21, 2026, 11:56 PM
Updated: Apr 21, 2026, 11:56 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 5.0
exploitability: 5.6
remediation: 7.7
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.