CVE-2023-46647 HIGH

CVE-2023-46647: Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation

Vendor GitHub
Product Enterprise Server
Weakness CWE-269
Published December 21, 2023
Last update August 2, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in versions 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Key dates

Disclosure timeline

December 21, 2023 CVE published
August 2, 2024 Record updated