@tunz identified a gap in the authorization of our newly shipped fork collaboration feature. The intended use case properly enforced that only maintainers of the parent repository could access fork branches after the PR author granted branch access. However, if a user created a pull request to merge the parent repository into their fork, they could use this feature to gain push access to the parent repository.
Given the severity of this issue, it was fixed immediately after the report was received. Additionally, a full audit was performed to identify all uses and misuses of the new feature. This ensured the vulnerability was not used to gain access to non-testing repositories and no cases of abuse were identified. Given the short lifetime of this issue, no enterprise releases are affected.