CVE-2023-6690

3.9LOW

Key Information

Vendor: GitHub
Status: Enterprise Server
Vendor: CVE Published:; 21 December 2023

Summary

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected Version(s)

Enterprise Server <= 3.8.11

Enterprise Server <= 3.9.6

Refferences

https://docs.github.com/en/[email protected]/admin/re...

https://docs.github.com/en/[email protected]/admin/r...

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2023
Vulnerability Reserved
Dec 11, 2023

Collectors

NVD DatabaseMitre Database

Credit

inspector-ambitious