Vulnerability Description
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.7.0, < 3.7.19 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7Release Notes
FAQ
What is CVE-2023-46646?
CVE-2023-46646 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow ...
How severe is CVE-2023-46646?
CVE-2023-46646 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46646?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.