PT-2023-19188 · Github · Github Enterprise Server
Inspector-Ambitious
·
Published
2023-09-01
·
Updated
2023-09-07
·
CVE-2023-23763
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.10.0
Description
An authorization/sensitive information disclosure issue was identified in GitHub Enterprise Server, allowing a fork to retain read access to an upstream repository after its visibility was changed to private. This issue was reported via the GitHub Bug Bounty program.
Recommendations
For versions prior to 3.10.0, update to version 3.10.0 or later to resolve the issue.
Alternatively, for specific prior versions, update to the following fixed versions:
- Version 3.9.4 for those on version 3.9
- Version 3.8.9 for those on version 3.8
- Version 3.7.16 for those on version 3.7
- Version 3.6.18 for those on version 3.6
Fix
Missing Authorization
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Github Enterprise Server