PT-2023-32778 · Github · Github Enterprise Server

Inspector-Ambitious

Publicado

2023-12-21

Atualizado

2023-12-29

CVE-2023-6803

CVSS v3.1

5.8

Média

Vetor

AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0

Description A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred.

Recommendations For GitHub Enterprise Server versions 3.8 through 3.8.11, update to version 3.8.12. For GitHub Enterprise Server versions 3.9 through 3.9.6, update to version 3.9.7. For GitHub Enterprise Server versions 3.10 through 3.10.3, update to version 3.10.4. For GitHub Enterprise Server versions 3.11 through 3.11.0, update to version 3.11.1.

Correção

Time Of Check To Time Of Use

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-367

Identificadores relacionados

CVE-2023-6803

Produtos afetados

Github Enterprise Server

PT-2023-32778 · Github · Github Enterprise Server

CVE-2023-6803

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8