How severe is CVE-2021-41598?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-41598?

This is classified as CWE-451, which is a common weakness in software security.

CVE-2021-41598 - HIGH Severity | CVSS 8.8

Vulnerability Description

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2020-9236

HIGH

CVSS:8.8(High)

There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability t...

CWE-4512020

CVE-2021-22866

HIGH

CVSS:8.8(High)

CWE-4512021

CVE-2024-43461

HIGH

CVSS:8.8(High)

Windows MSHTML Platform Spoofing Vulnerability

CWE-4512024

CVE-2024-52269

HIGH

CVSS:8.1(High)

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading...

CWE-4512024

CVE-2024-7529

HIGH

CVSS:8.1(High)

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115....

CWE-4512024

CVE-2024-23708

CRITICAL

CVSS:9.8(Critical)

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privile...

CWE-4512024