Vulnerability Description
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.8.0, < 3.8.12 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.3Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.0Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.6Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.10.3Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.11.0Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.6Release Notes
FAQ
What is CVE-2023-46647?
CVE-2023-46647 is a vulnerability with a CVSS score of 8.0 (HIGH). Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making reque...
How severe is CVE-2023-46647?
CVE-2023-46647 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46647?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.