How severe is CVE-2021-22866?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-22866?

This is classified as CWE-451, which is a common weakness in software security.

CVE-2021-22866 - HIGH Severity | CVSS 8.8

Vulnerability Description

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2020-9236

HIGH

CVSS:8.8(High)

There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability t...

CWE-4512020

CVE-2021-41598

HIGH

CVSS:8.8(High)

CWE-4512021

CVE-2024-43461

HIGH

CVSS:8.8(High)

Windows MSHTML Platform Spoofing Vulnerability

CWE-4512024

CVE-2024-52269

HIGH

CVSS:8.1(High)

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading...

CWE-4512024

CVE-2024-7529

HIGH

CVSS:8.1(High)

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115....

CWE-4512024

CVE-2024-23708

CRITICAL

CVSS:9.8(Critical)

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privile...

CWE-4512024