CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/12/21 9:15 p.m.•3 views

CVE-2023-46646

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHu...

5.3CVSS5.8AI score0.0054EPSS

OSV•added 2023/12/21 9:15 p.m.•4 views

CVE-2023-46645

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

4.9CVSS5.8AI score

NVD•added 2023/12/21 9:15 p.m.•14 views

CVE-2023-46647

8.8CVSS0.00638EPSS

Prion•added 2023/12/21 9:15 p.m.•16 views

Authentication flaw

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode...

5CVSS7.2AI score0.00815EPSS

Exploits0References3Affected Software1

Prion•added 2023/12/21 9:15 p.m.•14 views

Path traversal

3.3CVSS6.9AI score0.00791EPSS

Prion•added 2023/12/21 9:15 p.m.•16 views

Race condition

A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. To exploit this, an organization needs to be converted from a user. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12...

3.5CVSS6.9AI score0.00174EPSS

Prion•added 2023/12/21 9:15 p.m.•20 views

Improper access control

5CVSS6.9AI score0.0054EPSS

Prion•added 2023/12/21 9:15 p.m.•15 views

Authorization

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and...

4CVSS6.8AI score0.00467EPSS

Prion•added 2023/12/21 9:15 p.m.•11 views

Design/Logic Flaw

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the...

3.2CVSS6.7AI score0.0051EPSS

Prion•added 2023/12/21 9:15 p.m.•18 views

Design/Logic Flaw

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a...

4CVSS7AI score0.00719EPSS

Exploits1References4Affected Software1

CVE•added 2023/12/21 8:45 p.m.•51 views

CVE-2023-46649

CVE-2023-46649 describes a race condition in GitHub Enterprise Server that could allow an attacker with admin privileges to gain further access during the conversion of a user to an organization. The issue affects all GitHub Enterprise Server versions from 3.7 onward and could be exploited to obt...

7CVSS6.3AI score0.00174EPSS

CVE•added 2023/12/21 8:45 p.m.•36 views

CVE-2023-6804

CVE-2023-6804 (GitHub Enterprise Server) : Improper privilege management allows arbitrary workflows to be committed and run using an improperly scoped Personal Access Token, provided a workflow already exists in the target repo. Affected: GitHub Enterprise Server versions 3.8–3.11.x (before fixes...

6.5CVSS5.9AI score0.00204EPSS

Cvelist•added 2023/12/21 8:45 p.m.•22 views

CVE-2023-6804 Improper Privilege Management allows for arbitrary workflows to be run

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.1...

6.5CVSS6.8AI score0.00204EPSS

Cvelist•added 2023/12/21 8:45 p.m.•38 views

CVE-2023-6802 Sensitive Information in Log File in GitHub Enterprise Server

7.2CVSS7.3AI score0.00719EPSS

Exploits1References4

Vulnrichment•added 2023/12/21 8:45 p.m.•5 views

CVE-2023-6746 Sensitive Information in Log File in GitHub Enterprise Server

8.1CVSS7.9AI score0.0051EPSS

Cvelist•added 2023/12/21 8:45 p.m.•18 views

CVE-2023-46645 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site

6.8CVSS6.7AI score0.00791EPSS

Cvelist•added 2023/12/21 8:45 p.m.•23 views

CVE-2023-6746 Sensitive Information in Log File in GitHub Enterprise Server

8.1CVSS8.1AI score0.0051EPSS

CVE•added 2023/12/21 8:45 p.m.•77 views

CVE-2023-6690

A race condition in GitHub Enterprise Server allows an existing admin to retain permissions on transferred repositories by mutating repository permissions via GraphQL during transfer. Affected: GitHub Enterprise Server v3.8.0 and later. Impact: persistence of admin permissions on transferred repo...

3.9CVSS4AI score0.00326EPSS

CVE•added 2023/12/21 8:45 p.m.•48 views

CVE-2023-46647

GitHub Enterprise Server (GHES) suffers from improper privilege management that allows users with authorized access to the management console (editor role) to escalate privileges by making requests to the bootstrapping endpoint. Affected versions: GHES 3.8.0 and above. Remediations: upgrade to fi...

8.8CVSS8.6AI score0.00638EPSS