Douglas Day

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.7 through 3.17.18 GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0 **Description** An incorrect authorization issue was identified in GitHub Enterprise Server, allowing issue comments to be updated with an improperly scoped token. This issue did not allow unauthorized access to any repository content as it also required `contents:write` and `issues:read` permissions. **Recommendations** For GitHub Enterprise Server versions 3.7 through 3.17.18, update to version 3.17.19. For GitHub Enterprise Server versions 3.8 through 3.8.11, update to version 3.8.12. For GitHub Enterprise Server versions 3.9 through 3.9.6, update to version 3.9.7. For GitHub Enterprise Server versions 3.10 through 3.10.3, update to version 3.10.4. For GitHub Enterprise Server versions 3.11 through 3.11.0, update to version 3.11.1.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.7 through 3.7.18 GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0 **Description** An incorrect authorization issue was identified in GitHub Enterprise Server, allowing issue comments to be read with an improperly scoped token. **Recommendations** For GitHub Enterprise Server versions 3.7 through 3.7.18, update to version 3.7.19. For GitHub Enterprise Server versions 3.8 through 3.8.11, update to version 3.8.12. For GitHub Enterprise Server versions 3.9 through 3.9.6, update to version 3.9.7. For GitHub Enterprise Server versions 3.10 through 3.10.3, update to version 3.10.4. For GitHub Enterprise Server versions 3.11 through 3.11.0, update to version 3.11.1.