Design/Logic Flaw

2023-12-2121:15:00

PRIOn knowledge base

www.prio-n.com

information leakage

audit log vulnerability

access risk

github enterprise server

version 3.8 - 3.11.1

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CPENameOperatorVersion
enterprise_serverge3.10.0
enterprise_serverlt3.10.4
enterprise_serverge3.9.0
enterprise_serverlt3.9.7
enterprise_serverge3.8.0
enterprise_serverlt3.8.12
enterprise_servereq3.11.0

Name	Operator	Version
enterprise_server	ge	3.10.0
enterprise_server	lt	3.10.4
enterprise_server	ge	3.9.0
enterprise_server	lt	3.9.7
enterprise_server	ge	3.8.0
enterprise_server	lt	3.8.12
enterprise_server	eq	3.11.0

References

docs.github.com/en/[email protected]/admin/release-notes