CVE-2023-6690 LOW

Vendor GitHub
Product Enterprise Server
Weakness CWE-367
Published December 21, 2023
Last update August 2, 2024

CVSS base score

3.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server versions 3.8.0 and above and was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Key dates

02 Disclosure timeline

December 21, 2023 CVE published
August 2, 2024 Record updated