2012-04-04 10:00:00
mitre
PUBLISHED
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a models attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.