Commit 2a6347a

Security 4521 update (#24621)
1 parent 300a629 commit 2a6347a

3 files changed

+3
-0
lines changed

data/release-notes/enterprise-server/3-0/21.yml

Lines changed: 1 addition & 0 deletions
@@ -2,6 +2,7 @@ date: '2021-12-07'
22
sections:
33
security_fixes:
44
- Support bundles could include sensitive files if they met a specific set of conditions.
5+
- A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned [CVE-2021-41598](https://www.cve.org/CVERecord?id=CVE-2021-41598).
56
bugs:
67
- Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`.
78
- A misconfiguration in the Management Console caused scheduling errors.
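
Review bot: In the added `security_fixes` entry (new line 5), the fixed-version list "3.2.5, 3.1.13, 3.0.21" has no conjunction and runs newest to oldest, although this file holds the 3.0.21 notes. Suggest "fixed in versions 3.0.21, 3.1.13, and 3.2.5" so the release the reader is on comes first and the sentence reads cleanly next to "prior to 3.3".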

data/release-notes/enterprise-server/3-1/13.yml

Lines changed: 1 addition & 0 deletions
@@ -2,6 +2,7 @@ date: '2021-12-07'
22
sections:
33
security_fixes:
44
- Support bundles could include sensitive files if they met a specific set of conditions.
5+
- A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned [CVE-2021-41598](https://www.cve.org/CVERecord?id=CVE-2021-41598).
56
bugs:
67
- Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`.
78
- A misconfiguration in the Management Console caused scheduling errors.
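
Review bot: The added entry (new line 5) says more permissions could be granted than were displayed during a GitHub App's user-authorization web flow, but it gives administrators no guidance on authorizations that users approved before upgrading. Add a sentence stating whether upgrading alone is sufficient or whether existing GitHub App authorizations should be reviewed and re-approved.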

data/release-notes/enterprise-server/3-2/5.yml

Lines changed: 1 addition & 0 deletions
@@ -2,6 +2,7 @@ date: '2021-12-07'
22
sections:
33
security_fixes:
44
- Support bundles could include sensitive files if they met a specific set of conditions.
5+
- A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program and has been assigned [CVE-2021-41598](https://www.cve.org/CVERecord?id=CVE-2021-41598).
56
bugs:
67
- In some cases when Actions was not enabled, `ghe-support-bundle` reported an unexpected message `Unable to find MS SQL container.`
78
- Running `ghe-config-apply` could sometimes fail because of permission issues in `/data/user/tmp/pages`.
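
Review bot: The added entry (new line 5) is a verbatim copy of the line added to `3-0/21.yml` and `3-1/13.yml`, including the hard-coded version list and the CVE link, so any later correction has to be made in three places. If the release-notes data supports a shared snippet, reference it here; otherwise state in the PR description that the three copies must be kept in sync.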
