CVE-2023-46646

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

History

29 Dec 2023, 15:52

Type Values Removed Values Added
CPE cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
First Time Github enterprise Server
Github
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-639
References () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 - () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 - () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 - () https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 - Release Notes

21 Dec 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 21:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-46646

Mitre link : CVE-2023-46646

CVE.ORG link : CVE-2023-46646


JSON object : View

Products Affected

github

  • enterprise_server
CWE
CWE-639

Authorization Bypass Through User-Controlled Key