Lucene search

PRIOn knowledge basePRION:CVE-2023-51379

HistoryDec 21, 2023 - 9:15 p.m.

Authorization

2023-12-2121:15:00

PRIOn knowledge base

www.prio-n.com

incorrect authorization

github enterprise

issue comments

improperly scoped token

vulnerability

repository content

permissions

fixed version

nvd

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CPENameOperatorVersion
enterprise_serverge3.10.0
enterprise_serverlt3.10.4
enterprise_serverge3.9.0
enterprise_serverlt3.9.7
enterprise_serverge3.8.0
enterprise_serverlt3.8.12
enterprise_serverge3.7.0
enterprise_serverlt3.17.19
enterprise_servereq3.11.0

Name	Operator	Version
enterprise_server	ge	3.10.0
enterprise_server	lt	3.10.4
enterprise_server	ge	3.9.0
enterprise_server	lt	3.9.7
enterprise_server	ge	3.8.0
enterprise_server	lt	3.8.12
enterprise_server	ge	3.7.0
enterprise_server	lt	3.17.19
enterprise_server	eq	3.11.0

References

docs.github.com/en/[email protected]/admin/release-notes