1. Home
  2. CVE Database
  3. CVE-2023-6746
HIGH · 8.1

CVE-2023-6746

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` ...

Vulnerability Description

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
GithubEnterprise Server>= 3.7.0, < 3.7.19

Related Weaknesses (CWE)

CWE-532

References

FAQ

What is CVE-2023-6746?

CVE-2023-6746 is a vulnerability with a CVSS score of 8.1 (HIGH). An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` ...

How severe is CVE-2023-6746?

CVE-2023-6746 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6746?

Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.