Sensitive Information in Log File in GitHub Enterprise Server
CVE-2023-6746

8.1 HIGH

Key Information:

Vendor: GitHub
CVE Published: 21 December 2023

What is CVE-2023-6746?

A vulnerability was identified in GitHub Enterprise Server that allows sensitive information to be inserted into log files. This exposure can lead to adversary-in-the-middle attacks when leveraged alongside other phishing techniques. To exploit this vulnerability, an attacker would need access to the log files of the GitHub Enterprise Server appliance or backup archives created using GitHub Enterprise Server Backup Utilities, or they could target a service receiving streamed logs. All versions of GitHub Enterprise Server from 3.7 are affected, but the issue has been resolved in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected Version(s)

Enterprise Server 3.7.0 <= 3.7.18

Enterprise Server 3.8.0 <= 3.8.11

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
