Описание
Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.
Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-23767
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
- https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18
- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by GitHub as it was issued in error.
Уязвимость корпоративной версии платформы GitHub Enterprise Server, связанная с неправильным назначением разрешений для файлов, позволяющая нарушителю получить пароль MySQL