CVE-2023-6746
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.9%
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs.Β This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
| github | enterprise_server | * | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.7.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.18",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
]References
docs.github.com/en/[email protected]/admin/release-notes#3.10.4
docs.github.com/en/[email protected]/admin/release-notes#3.11.1
docs.github.com/en/[email protected]/admin/release-notes#3.7.19
docs.github.com/en/[email protected]/admin/release-notes#3.8.12
docs.github.com/en/[email protected]/admin/release-notes#3.9.7
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.9%