An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
11 Jun 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. |
29 Dec 2023, 19:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Github
Github enterprise Server |
|
CPE | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:* |
22 Dec 2023, 12:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 21:15
Updated : 2024-12-16 19:07
NVD link : CVE-2023-51380
Mitre link : CVE-2023-51380
CVE.ORG link : CVE-2023-51380
JSON object : View
Products Affected
github
- enterprise_server
CWE
CWE-863
Incorrect Authorization