Vulnerability Description
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.6.0, < 3.6.18 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.6.18-secuRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.7.16-secuRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.9-securRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.4-securRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.6.18-secuRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.7.16-secuRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.9-securRelease Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.4-securRelease Notes
FAQ
What is CVE-2023-23763?
CVE-2023-23763 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was ...
How severe is CVE-2023-23763?
CVE-2023-23763 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23763?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.