Removes details about a security vulnerability from 3.12.1 release notes (#49807)
shilpakum authored Mar 21, 2024
1 parent 2e9c405 commit e8f2761
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions data/release-notes/enterprise-server/3-12/1.yml
Expand Up @@ -5,8 +5,6 @@ sections:
**HIGH:** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. GitHub has requested CVE ID [CVE-2024-2469](https://www.cve.org/cverecord?id=CVE-2024-2469) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**HIGH:** An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring GeoJSON settings. GitHub has requested CVE ID [CVE-2024-2443](https://www.cve.org/cverecord?id=CVE-2024-2443) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM:** An attacker could maintain admin access to a detached repository in a race condition by making a GraphQL mutation to alter repository permissions while the repository is detached. GitHub has requested CVE ID [CVE-2024-2440](https://nvd.nist.gov/vuln/detail/CVE-2024-2440) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
**MEDIUM**: An attacker could execute CSRF attacks to perform unauthorized actions on behalf of an unsuspecting user, using the GraphQL mutations. A mitigating factor is that user interaction is required. GitHub has requested CVE ID [CVE-2024-2748](https://nvd.nist.gov/vuln/detail/CVE-2024-2748) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
- |
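Review bot: The two deletions in this hunk (-5,8 +5,6) withdraw what, in this list's layout, looks like one `- |` entry from the severity-tagged vulnerability notes, yet the commit title says only "a security vulnerability" and nothing here records which CVE entry is dropped or why. Administrators read this file to judge patch urgency for 3.12.1, so the commit message should name the CVE and state the reason for the removal, for example that the fix did not ship in this release or that it is documented under another release. Separately, among the entries shown, `**MEDIUM**:` in the CVE-2024-2748 entry places the colon outside the bold markers while the other entries use `**MEDIUM:**` and `**HIGH:**`, and the CVE links alternate between www.cve.org and nvd.nist.gov; both are worth normalising in whichever entries remain.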