CVE-2023-46647

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

History

29 Dec 2023, 15:52

Type Values Removed Values Added
CWE CWE-269
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0 - () https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - () https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6 - () https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6 - Release Notes
References () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3 - () https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3 - Release Notes
CPE cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

21 Dec 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 21:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-46647

Mitre link : CVE-2023-46647

CVE.ORG link : CVE-2023-46647


JSON object : View

Products Affected

github

  • enterprise_server
CWE
CWE-269

Improper Privilege Management