Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists
CVE-2023-23761

7.7 HIGH

Key Information:

Vendor: GitHub

CVE Published: 7 April 2023

What is CVE-2023-23761?

An improper authentication vulnerability in GitHub Enterprise Server allows an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority, provided the actor knows the secret gist's URL. The flaw puts user-generated content at risk and affects all versions prior to 3.9. It was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1, and was reported via the GitHub Bug Bounty program.

Affected Version(s)

Enterprise Server 3.4.0 <= 3.4.17

Enterprise Server 3.5.0 <= 3.5.14

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
