An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
Configurations
Configuration 1 (hide)
|
History
11 Jun 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. |
29 Dec 2023, 19:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:* cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
|
First Time |
Github enterprise Server
Github |
|
CWE | CWE-863 | |
References | () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 - Release Notes | |
References | () https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
21 Dec 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 21:15
Updated : 2024-06-11 19:16
NVD link : CVE-2023-51380
Mitre link : CVE-2023-51380
CVE.ORG link : CVE-2023-51380
JSON object : View
Products Affected
github
- enterprise_server
CWE
CWE-863
Incorrect Authorization