Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation

CVE-2023-46647

8HIGH

Key Information

Vendor: GitHub
Status: Enterprise Server
Vendor: CVE Published:; 21 December 2023

Summary

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Affected Version(s)

Enterprise Server <= 3.8.11

Enterprise Server <= 3.9.5

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 21, 2023
Vulnerability Reserved.
Oct 24, 2023

Collectors

NVD DatabaseMitre Database

Credit

Imre Rad