Race Condition allows Unauthorized Outside Collaborator

CVE-2023-6803

5.8MEDIUM

Key Information

Vendor: GitHub
Status: Enterprise Server
Vendor: CVE Published:; 21 December 2023

Summary

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected Version(s)

Enterprise Server <= 3.8.11

Enterprise Server <= 3.9.6

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 21, 2023
Vulnerability Reserved.
Dec 13, 2023

Collectors

NVD DatabaseMitre Database

Credit

inspector-ambitious