SECURITY FLAW: GitHub Platform's Admin Feature Flag Endpoints Lack Role Enforcement, Allowing Any User to Toggle Flags
A critical privilege escalation vulnerability has been identified within GitHub's administrative infrastructure. The platform's feature flag management endpoints, which control system-wide functionality, are missing the mandatory admin role checks required to restrict access. This oversight means any authenticated user—not just administrators—can create, delete, update, and retrieve feature flags via the `/admin/feature-flags` API. The flaw effectively grants standard users the power to toggle platform-level features, a capability reserved for the highest-privileged roles.
The vulnerability is located in the endpoints for the POST, PATCH, DELETE, and GET operations on the feature flag resource. Unlike other administrative controllers, such as `entitlement_admin_controller.py`, which correctly implements an `_is_admin()` check, these endpoints proceed straight into business logic without verifying the caller's role. The absence of a "fail fast" security gate creates a direct path for privilege escalation: a logged-in user with ordinary credentials can manipulate core platform settings that are meant to be locked down.
The exposure places the integrity of GitHub's service configuration at immediate risk. Unauthorized changes to feature flags could disrupt user experiences, enable or disable critical system components, and potentially be leveraged in more complex attack chains. The required fix mandates adding the `_is_admin()` check to all four endpoints before any other logic executes, ensuring non-admin users receive a 403 Forbidden response. Comprehensive test coverage is required to validate both the failure case for standard users and the success case for legitimate administrators.
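To make the missing gate and its fix concrete, the following is an added example, not code from GitHub or from the controllers the report describes. It models the four feature flag operations twice: once in the flawed shape, where any authenticated principal reaches the business logic, and once with a `require_admin` decorator that calls `_is_admin()` before anything else and returns 403. Every name here (`User`, `FeatureFlagStore`, `VulnerableController`, `HardenedController`, `run_scenarios`, the `is_site_admin` attribute) is a hypothetical stand-in; only the `_is_admin()` predicate name comes from the page, and how the real platform resolves a user's role is assumed.

```python
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Dict, Tuple

Response = Tuple[int, dict]  # (HTTP status, JSON body)


@dataclass(frozen=True)
class User:
    """Hypothetical authenticated principal; the role attribute is an assumption."""
    username: str
    is_site_admin: bool = False


@dataclass
class FeatureFlagStore:
    """Hypothetical in-memory stand-in for the feature flag resource."""
    flags: Dict[str, bool] = field(default_factory=dict)


def _is_admin(user: User) -> bool:
    """Same predicate name as on the page; the role lookup itself is assumed."""
    return user.is_site_admin


def require_admin(handler: Callable[..., Response]) -> Callable[..., Response]:
    """Fail-fast gate: rejects non-admins with 403 before any handler logic runs."""
    @wraps(handler)
    def wrapper(self, user: User, *args, **kwargs) -> Response:
        if not _is_admin(user):
            return 403, {"error": "Forbidden: admin role required"}
        return handler(self, user, *args, **kwargs)
    return wrapper


class FeatureFlagLogic:
    """Business logic shared by both controllers below (hypothetical)."""

    def __init__(self, store: FeatureFlagStore) -> None:
        self.store = store

    def _create(self, name: str, enabled: bool) -> Response:
        if name in self.store.flags:
            return 409, {"error": "flag already exists"}
        self.store.flags[name] = enabled
        return 201, {"name": name, "enabled": enabled}

    def _get(self, name: str) -> Response:
        if name not in self.store.flags:
            return 404, {"error": "not found"}
        return 200, {"name": name, "enabled": self.store.flags[name]}

    def _update(self, name: str, enabled: bool) -> Response:
        if name not in self.store.flags:
            return 404, {"error": "not found"}
        self.store.flags[name] = enabled
        return 200, {"name": name, "enabled": enabled}

    def _delete(self, name: str) -> Response:
        if name not in self.store.flags:
            return 404, {"error": "not found"}
        del self.store.flags[name]
        return 204, {}


class VulnerableController(FeatureFlagLogic):
    """The flawed shape: every endpoint reaches business logic with no role check."""
    def post(self, user, name, enabled): return self._create(name, enabled)
    def get(self, user, name): return self._get(name)
    def patch(self, user, name, enabled): return self._update(name, enabled)
    def delete(self, user, name): return self._delete(name)


class HardenedController(FeatureFlagLogic):
    """The fix: the admin gate is the first thing each of the four endpoints does."""
    @require_admin
    def post(self, user, name, enabled): return self._create(name, enabled)
    @require_admin
    def get(self, user, name): return self._get(name)
    @require_admin
    def patch(self, user, name, enabled): return self._update(name, enabled)
    @require_admin
    def delete(self, user, name): return self._delete(name)


def exercise_all_endpoints(controller: FeatureFlagLogic, user: User) -> Dict[str, int]:
    """Hit all four endpoints as `user`, so a test cannot silently skip one of them."""
    return {
        "post": controller.post(user, "new_checkout", True)[0],
        "get": controller.get(user, "new_checkout")[0],
        "patch": controller.patch(user, "new_checkout", False)[0],
        "delete": controller.delete(user, "new_checkout")[0],
    }


def run_scenarios() -> Dict[str, object]:
    """Constructed scenario: an ordinary user and an admin against both controllers."""
    alice = User("alice")                    # ordinary authenticated user (constructed)
    root = User("root", is_site_admin=True)  # legitimate administrator (constructed)
    weak_store, strong_store = FeatureFlagStore(), FeatureFlagStore()
    return {
        "vulnerable_as_user": exercise_all_endpoints(VulnerableController(weak_store), alice),
        "hardened_as_user": exercise_all_endpoints(HardenedController(strong_store), alice),
        "hardened_store_untouched": strong_store.flags == {},
        "hardened_as_admin": exercise_all_endpoints(HardenedController(strong_store), root),
    }
```

`exercise_all_endpoints` is the shape of regression test the report calls for: it drives POST, GET, PATCH and DELETE in one pass so that the failure case (every endpoint answers 403 to a non-admin and the store is never touched) and the success case (an administrator gets the normal 201/200/200/204 responses) are both checked, and an endpoint that later loses its decorator shows up as a changed status rather than going unnoticed.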