CVE-2023-46647

CVSS V2 None CVSS V3 None

Description

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Overview

CVE ID
CVE-2023-46647

Assigner
GitHub_P

Vulnerability Status
PUBLISHED

Published Version
2023-12-21T20:45:17.664Z

Last Modified Date
2023-12-21T20:45:17.664Z

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46647
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46647

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 23:00:41				Added to TrackCVE