CVE-2023-51380

Summary

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected Software

VendorProductVersion RangeStatus
GitHubEnterprise Server3.7.0 <= 3.7.18affected
GitHubEnterprise Server3.8.0 <= 3.8.11affected
GitHubEnterprise Server3.9.0 <= 3.9.6affected
GitHubEnterprise Server3.10.0 <= 3.10.3affected
GitHubEnterprise Server3.11 <= 3.11.0affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References