Vulnerabilities > Github
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-46647 | Improper Privilege Management vulnerability in Github Enterprise Server Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. | 8.8 |
| 2023-12-21 | CVE-2023-46648 | Insufficient Entropy vulnerability in Github Enterprise Server An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. | 7.5 |
| 2023-12-21 | CVE-2023-46649 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. | 7.0 |
| 2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | 4.9 |
| 2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 4.3 |
| 2023-12-21 | CVE-2023-6690 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 2.0 |
| 2023-12-21 | CVE-2023-6746 | Information Exposure Through Log Files vulnerability in Github Enterprise Server An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. | 5.7 |
| 2023-12-21 | CVE-2023-6802 | Information Exposure Through Log Files vulnerability in Github Enterprise Server An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. | 6.5 |
| 2023-12-21 | CVE-2023-6803 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Github Enterprise Server A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. | 4.0 |
| 2023-12-21 | CVE-2023-6804 | Improper Privilege Management vulnerability in Github Enterprise Server Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. | 5.5 |