How severe is CVE-2021-22862?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-22862?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2021-22862

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-285

View all →

Vulnerability Description

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE-2015-10033

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. T...

CWE-2852015

CVE-2017-0896

MEDIUM

CVSS:6.5(Medium)

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite oth...

CWE-2852017

CVE-2017-0927

MEDIUM

CVSS:6.5(Medium)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

CWE-2852017

CVE-2017-2686

MEDIUM

CVSS:6.5(Medium)

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informati...

CWE-2852017

CVE-2017-9268

MEDIUM

CVSS:6.5(Medium)

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did no...

CWE-2852017

CVE-2018-0391

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is d...

CWE-2852018

CVE-2021-22862

Vulnerability Description

Related Vulnerabilities

CVE-2015-10033

CVE-2017-0896

CVE-2017-0927

CVE-2017-2686

CVE-2017-9268

CVE-2018-0391