Description
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
- Release Notes
Vulnerable configurations
Configuration 1
- Version from 3.7.0 (inclusive) to 3.7.19 (exclusive)
- Version from 3.8.0 (inclusive) to 3.8.12 (exclusive)
- Version from 3.9.0 (inclusive) to 3.9.7 (exclusive)
- Version from 3.10.0 (inclusive) to 3.10.4 (exclusive)
One of
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*
EPSS
Percentile: 39%
0.0017
Low
2.7 Low
CVSS3
4.3 Medium
CVSS3
Weaknesses
CWE-863
CWE-863
Related vulnerabilities
CVSS3: 2.7
github
about 2 years ago
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.