CVE-2023-51379

Summary

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 

Affected Software

VendorProductVersion RangeStatus
GitHubEnterprise Server3.7.0 <= 3.7.18affected
GitHubEnterprise Server3.8.0 <= 3.8.11affected
GitHubEnterprise Server3.9.0 <= 3.9.6affected
GitHubEnterprise Server3.10.0 <= 3.10.3affected
GitHubEnterprise Server3.11 <= 3.11.0affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References