4.9
CVE-2023-51379
- EPSS 0.14%
- Veröffentlicht 21.12.2023 21:15:13
- Zuletzt bearbeitet 16.12.2024 19:07:10
- Quelle product-cna@github.com
- CVE-Watchlists
- Unerledigt
LoginAn incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Github ≫ Enterprise Server Version >= 3.7.0 < 3.7.19
Github ≫ Enterprise Server Version >= 3.8.0 < 3.8.12
Github ≫ Enterprise Server Version >= 3.9.0 < 3.9.7
Github ≫ Enterprise Server Version >= 3.10.0 < 3.10.4
Github ≫ Enterprise Server Version3.11.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.344 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
| product-cna@github.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.