03-05-2026, 12:30 PM
High
resolved
resolved
Missing Access Control in MigrationFile allows attacker to upload files to any Migration
Bug reported by ahacker1 was disclosed at March 5, 2026, 2:23 am | Insecure Direct Object Reference (IDOR)
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by supplying the migration identifier to overwrite or replace a victim's migration archive.