CVE-2023-23763

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

History

07 Sep 2023, 19:53

Type Values Removed Values Added
First Time Github enterprise Server
Github
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
CWE CWE-862
References (MISC) https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes - (MISC) https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes - Release Notes
References (MISC) https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes - (MISC) https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes - Release Notes
References (MISC) https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes - (MISC) https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes - Release Notes
References (MISC) https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes - (MISC) https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes - Release Notes

01 Sep 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-01 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-23763

Mitre link : CVE-2023-23763

CVE.ORG link : CVE-2023-23763


JSON object : View

Products Affected

github

  • enterprise_server
CWE
CWE-862

Missing Authorization

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor