From e8f2761fcd094a01073c7351fe659dcae14ead55 Mon Sep 17 00:00:00 2001 From: Shilpa Kumari <82128924+shilpakum@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:56:10 -0700 Subject: [PATCH] Removes details about a security vulnerability from 3.12.1 release notes (#49807) --- data/release-notes/enterprise-server/3-12/1.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/data/release-notes/enterprise-server/3-12/1.yml b/data/release-notes/enterprise-server/3-12/1.yml index a801d590f81a..5f1d6a11861a 100644 --- a/data/release-notes/enterprise-server/3-12/1.yml +++ b/data/release-notes/enterprise-server/3-12/1.yml 
@@ -5,8 +5,6 @@ sections: **HIGH:** An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. GitHub has requested CVE ID [CVE-2024-2469](https://www.cve.org/cverecord?id=CVE-2024-2469) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **HIGH:** An attacker with an editor role in the Management Console could gain SSH access to the instance by command injection when configuring GeoJSON settings. GitHub has requested CVE ID [CVE-2024-2443](https://www.cve.org/cverecord?id=CVE-2024-2443) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - - | - **MEDIUM:** An attacker could maintain admin access to a detached repository in a race condition by making a GraphQL mutation to alter repository permissions while the repository is detached. GitHub has requested CVE ID [CVE-2024-2440](https://nvd.nist.gov/vuln/detail/CVE-2024-2440) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - | **MEDIUM**: An attacker could execute CSRF attacks to perform unauthorized actions on behalf of an unsuspecting user, using the GraphQL mutations. A mitigating factor is that user interaction is required. GitHub has requested CVE ID [CVE-2024-2748](https://nvd.nist.gov/vuln/detail/CVE-2024-2748) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). - |
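Review bot: The commit message says only that details about "a security vulnerability" are removed, but neither it nor the diff records why the CVE-2024-2440 entry (the detached-repository permission race via a GraphQL mutation) is being pulled from the 3.12.1 notes; the two deletions at the top of the hunk give no hint whether the fix did not actually ship in 3.12.1, whether the entry landed in the wrong release file, or whether the CVE was withdrawn, so anyone auditing the 3.12.1 notes later has no way to tell whether the release addresses that issue. Please state the reason in the commit body or PR description, and if the same entry was copied into the notes for the other supported release lines, update them in this change as well; the diffstat shows only data/release-notes/enterprise-server/3-12/1.yml changing. Leaving the remaining entries untouched is fine, but note that they still mix two link targets for the CVE reference (cve.org/cverecord for the HIGH entries, nvd.nist.gov/vuln/detail for the MEDIUM ones), which is worth normalising in a follow-up.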