Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46647

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Published

2023-12-21T21:15:08.930

Last Modified

2024-11-21T08:28:58.003

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	github	enterprise_server	< 3.8.12	Yes
Application	github	enterprise_server	< 3.9.6	Yes
Application	github	enterprise_server	< 3.10.3	Yes

References

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.3 Release Notes ([email protected])
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.0 Release Notes ([email protected])
https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12 Release Notes ([email protected])
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.6 Release Notes ([email protected])
https://docs.github.com/en/[email protected]/admin/release-notes#3.10.3 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.0 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.6 Release Notes (af854a3a-2127-422b-91ae-364da2661108)