PT-2023-32788 · Github · Github Enterprise Server

Ahacker1 · Published 2023-12-21 · Updated 2023-12-29 · CVE-2023-6847

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions 3.9 through 3.9.6
GitHub Enterprise Server versions 3.10 through 3.10.3
GitHub Enterprise Server versions 3.11 through 3.11.0

Description
An improper authentication issue was identified in GitHub Enterprise Server, allowing a bypass of Private Mode using a specially crafted API request. To exploit this, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. The issue was reported via the GitHub Bug Bounty program.

Recommendations
For GitHub Enterprise Server versions 3.9 through 3.9.6, update to version 3.9.7 to resolve the issue.
For GitHub Enterprise Server versions 3.10 through 3.10.3, update to version 3.10.4 to resolve the issue.
For GitHub Enterprise Server versions 3.11 through 3.11.0, update to version 3.11.1 to resolve the issue.

Fix

Weakness Enumeration
Improper Authentication

Related Identifiers
CVE-2023-6847

Affected Products
Github Enterprise Server