Vulnerability Details CVE-2023-23763
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.3%
CVSS Severity
CVSS v3 Score 5.3
References
- https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes
- https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes
- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes
- https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes
- https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes
- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes
- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes
Products affected by CVE-2023-23763
-
cpe:2.3:a:github:enterprise_server:3.6.0
-
cpe:2.3:a:github:enterprise_server:3.6.1
-
cpe:2.3:a:github:enterprise_server:3.6.10
-
cpe:2.3:a:github:enterprise_server:3.6.11
-
cpe:2.3:a:github:enterprise_server:3.6.12
-
cpe:2.3:a:github:enterprise_server:3.6.13
-
cpe:2.3:a:github:enterprise_server:3.6.14
-
cpe:2.3:a:github:enterprise_server:3.6.15
-
cpe:2.3:a:github:enterprise_server:3.6.16
-
cpe:2.3:a:github:enterprise_server:3.6.17
-
cpe:2.3:a:github:enterprise_server:3.6.2
-
cpe:2.3:a:github:enterprise_server:3.6.3
-
cpe:2.3:a:github:enterprise_server:3.6.4
-
cpe:2.3:a:github:enterprise_server:3.6.5
-
cpe:2.3:a:github:enterprise_server:3.6.6
-
cpe:2.3:a:github:enterprise_server:3.6.7
-
cpe:2.3:a:github:enterprise_server:3.6.8
-
cpe:2.3:a:github:enterprise_server:3.6.9
-
cpe:2.3:a:github:enterprise_server:3.7.0
-
cpe:2.3:a:github:enterprise_server:3.7.1
-
cpe:2.3:a:github:enterprise_server:3.7.10
-
cpe:2.3:a:github:enterprise_server:3.7.11
-
cpe:2.3:a:github:enterprise_server:3.7.12
-
cpe:2.3:a:github:enterprise_server:3.7.13
-
cpe:2.3:a:github:enterprise_server:3.7.14
-
cpe:2.3:a:github:enterprise_server:3.7.15
-
cpe:2.3:a:github:enterprise_server:3.7.2
-
cpe:2.3:a:github:enterprise_server:3.7.3
-
cpe:2.3:a:github:enterprise_server:3.7.4
-
cpe:2.3:a:github:enterprise_server:3.7.5
-
cpe:2.3:a:github:enterprise_server:3.7.6
-
cpe:2.3:a:github:enterprise_server:3.7.7
-
cpe:2.3:a:github:enterprise_server:3.7.8
-
cpe:2.3:a:github:enterprise_server:3.7.9
-
cpe:2.3:a:github:enterprise_server:3.8.0
-
cpe:2.3:a:github:enterprise_server:3.8.1
-
cpe:2.3:a:github:enterprise_server:3.8.2
-
cpe:2.3:a:github:enterprise_server:3.8.3
-
cpe:2.3:a:github:enterprise_server:3.8.4
-
cpe:2.3:a:github:enterprise_server:3.8.5
-
cpe:2.3:a:github:enterprise_server:3.8.6
-
cpe:2.3:a:github:enterprise_server:3.8.7
-
cpe:2.3:a:github:enterprise_server:3.8.8
-
cpe:2.3:a:github:enterprise_server:3.9.0
-
cpe:2.3:a:github:enterprise_server:3.9.1
-
cpe:2.3:a:github:enterprise_server:3.9.2
-
cpe:2.3:a:github:enterprise_server:3.9.3