5.3
CVE-2023-46646
- EPSS 0.29%
- Veröffentlicht 21.12.2023 21:15:08
- Zuletzt bearbeitet 16.12.2024 19:07:42
- Quelle product-cna@github.com
- CVE-Watchlists
- Unerledigt
LoginImproper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Github ≫ Enterprise Server Version >= 3.7.0 < 3.7.19
Github ≫ Enterprise Server Version >= 3.8.0 < 3.8.12
Github ≫ Enterprise Server Version >= 3.9.0 < 3.9.7
Github ≫ Enterprise Server Version >= 3.10.0 < 3.10.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.517 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| product-cna@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.