CVE-2023-46647

Опубликовано: 21 дек. 2023

Источник: nvd

CVSS3: 8

CVSS3: 8.8

EPSS Низкий

Описание

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Ссылки

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0
Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
Release Notes
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0
Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.8.0 (включая) до 3.8.12 (исключая)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.9.0 (включая) до 3.9.6 (исключая)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Версия от 3.10.0 (включая) до 3.10.3 (исключая)

EPSS

Процентиль: 65%

0.005

Низкий

8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-9g9p-wc7c-q948

CVSS3: 8

github

около 2 лет назад

EPSS

Процентиль: 65%

0.005

Низкий

8 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-269