CVE-2023-51379

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Published: Dec 21, 2023
Updated: Dec 30, 2023
CVE: CVE-2023-51379
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
github / enterprise_server	3.10.0	3.10.4
github / enterprise_server	3.9.0	3.9.7
github / enterprise_server	3.8.0	3.8.12
github / enterprise_server	3.11.0	3.11.0.x
github / enterprise_server	3.7.0	3.7.19

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1
https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19
https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7

Vulnerability Database

289,697

CVE-2023-51379