Attackers can successfully request arbitrary snippet IDs,...
Moderate severity
Unreviewed
Published
Jun 20, 2023
to the GitHub Advisory Database
•
Updated Jan 21, 2024
Description
Published by the National Vulnerability Database
Jun 20, 2023
Published to the GitHub Advisory Database
Jun 20, 2023
Last updated
Jan 21, 2024
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.
References