CVE-2023-46646 MEDIUM

CVE-2023-46646

Vendor Github
Product Enterprise Server
Weakness CWE-639 · IDOR
Published December 21, 2023
Last update November 27, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.

Key dates

02Disclosure timeline

December 21, 2023 CVE published
November 27, 2024 Record updated