NVD

Id
43908  
Name
CVE-2012-2055  
Description
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model"s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-04-05  
Modified Date
2012-04-09  
Seq
2012-2055  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
220517 43908 CVE-2012-2055 http://homakov.blogspot.com/2012/03/how-to.html  View
220518 43908 CVE-2012-2055 http://lwn.net/Articles/488702/  View
220519 43908 CVE-2012-2055 https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26291 JVNDB-2012-001998 GitHub Enterprise における public_key[user_id] の値を設定される脆弱性 GitHub Enterprise は、model 属性の値を提供するためのハッシュの使用を適切に制限しないため、public_key[user_id] の値を設定される脆弱性が存在します。 CVE-2012-2055 55293 CVE-2012-2055 43908 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001998.html 2012-04-04 2012-04-06 View