NVD:CVE-2023-46649
Dec 21, 2023 - 9:15 p.m.

CVE-2023-46649

2023-12-21 21:15:09
CWE-367
web.nvd.nist.gov
cve-2023-46649
administrator access
organization conversion
github enterprise server
versions
fixed

CVSS3: 7 High

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected configurations

NVD
Node
github enterprise_server Range 3.7.0–3.7.19
OR
github enterprise_server Range 3.8.0–3.8.12
OR
github enterprise_server Range 3.9.0–3.9.7
OR
github enterprise_server Range 3.10.0–3.10.4
OR
github enterprise_server Match 3.11.0
