CVE-2022-0860 Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

This issue is fixed in 3.3.2 and later. Improper authorization is another type of authorization issue that you may need to be aware of. It happens when an app shares a repository with another app, with the expectation that both have the same access to the repo. In reality, only one app may have the access. You can avoid this issue by making sure that the other app has the appropriate access to the repo. You can do this by using the App Accessibility feature. Be sure to share the repo with the other app in the Repository Settings for your app.

Improper Authorization

Improper authorization occurs when an app shares a repository with another app but one of the apps does not have the appropriate access to the repo. This happens most often when two apps share a repository, because they both expect to have the same access to it. This issue can also be seen if you remove permissions that an app should have and its information is still present in your app’s Repository Settings.
