2 matches found
CVE-2023-51380 Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and...
GitHub: [PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions
An incorrect authorization vulnerability in GitHub Enterprise Server allowed issue comments to be read without proper permissions through improperly scoped tokens...