CVE-2023-6803

Summary

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected Software

VendorProductVersion RangeStatus
GitHubEnterprise Server3.8 <= 3.8.11affected
GitHubEnterprise Server3.9 <= 3.9.6affected
GitHubEnterprise Server3.10 <= 3.10.3affected
GitHubEnterprise Server3.11 <= 3.11.0affected

Weaknesses

  • CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

ADP Enrichment

CVE Program Container

Additional References

References