Lucene search

[email protected]NVD:CVE-2023-23761

HistoryApr 07, 2023 - 7:15 p.m.

CVE-2023-23761

2023-04-0719:15:06

CWE-287

[email protected]

web.nvd.nist.gov

github

server

vulnerability

authentication

ssh

certificate authority

secret gists

bug bounty

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users’ secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.

Affected configurations

NVD

Node

githubenterprise_serverRange<3.4.18

githubenterprise_serverRange3.5.0–3.5.15

githubenterprise_serverRange3.6.0–3.6.11

githubenterprise_serverRange3.7.0–3.7.8

githubenterprise_serverMatch3.8.0

References

docs.github.com/en/[email protected]/admin/release-notes#3.4.18

docs.github.com/en/[email protected]/admin/release-notes#3.5.15

docs.github.com/en/[email protected]/admin/release-notes#3.6.11

docs.github.com/en/[email protected]/admin/release-notes#3.7.8

docs.github.com/en/[email protected]/admin/release-notes#3.8.1

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for NVD:CVE-2023-23761

github1 hackerone1 cvelist1 prion1 cve1