CVE-2023-6847

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.

Published: Dec 21, 2023
Updated: Dec 30, 2023
CVE: CVE-2023-6847
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
github / enterprise_server	3.10.0	3.10.4
github / enterprise_server	3.9.0	3.9.7
github / enterprise_server	3.11.0	3.11.0.x

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7

Vulnerability Database

289,697

CVE-2023-6847