CVE-2023-46646

Опубликовано: 21 дек. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.

Ссылки

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
Release Notes
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19
Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7
Release Notes
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
Release Notes
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19
Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.7.0 (включая) до 3.7.19 (исключая)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.8.0 (включая) до 3.8.12 (исключая)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.9.0 (включая) до 3.9.7 (исключая)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.10.0 (включая) до 3.10.4 (исключая)

EPSS

Процентиль: 52%

0.00286

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-5fwq-2hqv-g62h

CVSS3: 5.3

github

около 2 лет назад

EPSS

Процентиль: 52%

0.00286

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-639