CVE-2023-6690

Summary

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected Software

VendorProductVersion RangeStatus
GitHubEnterprise Server3.8 <= 3.8.11affected
GitHubEnterprise Server3.9 <= 3.9.6affected
GitHubEnterprise Server3.10 <= 3.10.3affected
GitHubEnterprise Server3.11 <= 3.11.0affected

Weaknesses

  • CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

ADP Enrichment

CVE Program Container

Additional References

References