GitHub has discovered an error in the logic used to enforce OAuth App access restrictions, which restrict OAuth integration access to an organization's private repositories. In certain situations, when a member of an organization granted access to a third-party OAuth integration, that integration could have been given more access to some of your organization’s repositories than we intended to allow.

When an organization enables OAuth App access restrictions, GitHub generally limits OAuth integration access to private repositories. This error in OAuth App access restrictions allowed third-party OAuth integrations, such as continuous integration providers, the same access permissions to certain private repositories within an organization as the user who implemented the integration had, provided they had authorized the integration for a scope capable of interacting with repositories.

-- Full email: https://gist.github.com/kailan/9f37ec2cd76314f945dda65e5beab241