PT-2023-32741 · Github · Github Enterprise Server
Inspector-Ambitious
·
Publicado
2023-12-21
·
Atualizado
2023-12-29
·
CVE-2023-6690
CVSS v3.1
3.9
Baixa
| Vetor | AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions 3.8.0 through 3.8.11
GitHub Enterprise Server versions 3.9.0 through 3.9.6
GitHub Enterprise Server versions 3.10.0 through 3.10.3
GitHub Enterprise Server versions 3.11.0
Description
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.
Recommendations
For GitHub Enterprise Server versions 3.8.0 through 3.8.11, update to version 3.8.12.
For GitHub Enterprise Server versions 3.9.0 through 3.9.6, update to version 3.9.7.
For GitHub Enterprise Server versions 3.10.0 through 3.10.3, update to version 3.10.4.
For GitHub Enterprise Server versions 3.11.0, update to version 3.11.1.
Correção
Time Of Check To Time Of Use
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Github Enterprise Server