CVE-2023-6690

CVSS v3.1

3.9

Low

Vector

AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.8.0 through 3.8.11 GitHub Enterprise Server versions 3.9.0 through 3.9.6 GitHub Enterprise Server versions 3.10.0 through 3.10.3 GitHub Enterprise Server versions 3.11.0

Description A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.

Recommendations For GitHub Enterprise Server versions 3.8.0 through 3.8.11, update to version 3.8.12. For GitHub Enterprise Server versions 3.9.0 through 3.9.6, update to version 3.9.7. For GitHub Enterprise Server versions 3.10.0 through 3.10.3, update to version 3.10.4. For GitHub Enterprise Server versions 3.11.0, update to version 3.11.1.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2023-6690

Affected Products

Github Enterprise Server

CVE-2023-6690

Weakness Enumeration

Related Identifiers

Affected Products

References · 8