PT-2023-19188 · GitHub · GitHub Enterprise Server

Inspector-Ambitious · Published 2023-09-01 · Updated 2023-09-07 · CVE-2023-23763

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.10.0

Description: An authorization/sensitive information disclosure issue was identified in GitHub Enterprise Server, allowing a fork to retain read access to an upstream repository after its visibility was changed to private. This issue was reported via the GitHub Bug Bounty program.

Recommendations: For versions prior to 3.10.0, update to version 3.10.0 or later to resolve the issue. Alternatively, for specific prior versions, update to the following fixed versions:
  • Version 3.9.4 for those on version 3.9
  • Version 3.8.9 for those on version 3.8
  • Version 3.7.16 for those on version 3.7
  • Version 3.6.18 for those on version 3.6

Fix

Missing Authorization

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2023-23763

Affected products

GitHub Enterprise Server