CVE-2023-51380

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Published: Dec 21, 2023
Updated: Jun 12, 2024
CVE: CVE-2023-51380
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
github / enterprise_server	3.10.0	3.10.4
github / enterprise_server	3.9.0	3.9.7
github / enterprise_server	3.8.0	3.8.12
github / enterprise_server	3.11.0	3.11.0.x
github / enterprise_server	3.7.0	3.7.19

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1
https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19
https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7

Vulnerability Database

289,697

CVE-2023-51380