Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.
References
Configurations
Configuration 1 (hide)
|
History
29 Dec 2023, 15:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* | |
First Time |
Github enterprise Server
Github |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | CWE-639 | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 - Release Notes |
21 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 21:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-46646
Mitre link : CVE-2023-46646
CVE.ORG link : CVE-2023-46646
JSON object : View
Products Affected
github
- enterprise_server
CWE
CWE-639
Authorization Bypass Through User-Controlled Key