2023-12-21 23:00:28 +00:00
{
"id" : "CVE-2023-46646" ,
"sourceIdentifier" : "product-cna@github.com" ,
"published" : "2023-12-21T21:15:08.620" ,
2024-12-16 21:03:47 +00:00
"lastModified" : "2024-12-16T19:07:42.750" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-12-21 23:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the \"Get a check run\" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name.\u00a0This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0."
2023-12-22 13:00:29 +00:00
} ,
{
"lang" : "es" ,
"value" : "El control de acceso inadecuado en todas las versiones de GitHub Enterprise Server permite a usuarios no autorizados ver nombres de repositorios privados a trav\u00e9s del endpoint API \"Get a check run\". Esta vulnerabilidad no permit\u00eda el acceso no autorizado a ning\u00fan contenido del repositorio adem\u00e1s del nombre. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.7.0 y superiores y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7 3.10.4 y 3.11.0."
2023-12-21 23:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-12-29 17:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "product-cna@github.com" ,
"type" : "Secondary" ,
2023-12-29 17:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
2023-12-29 17:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-12-29 17:00:28 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 1.4
} ,
2023-12-21 23:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-12-21 23:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM" ,
2023-12-21 23:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-12-21 23:00:28 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
2023-12-29 17:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "product-cna@github.com" ,
"type" : "Secondary" ,
2023-12-29 17:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-639"
}
]
} ,
2023-12-21 23:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-12-21 23:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-639"
}
]
}
] ,
2023-12-29 17:00:28 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.7.0" ,
2024-12-16 21:03:47 +00:00
"versionEndExcluding" : "3.7.19" ,
"matchCriteriaId" : "9C219467-E463-4C59-AAD7-8BECDA8AA1AE"
2023-12-29 17:00:28 +00:00
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.8.0" ,
"versionEndExcluding" : "3.8.12" ,
"matchCriteriaId" : "B3D983FF-FDDE-484C-AA34-31EB52E25EC2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.9.0" ,
"versionEndExcluding" : "3.9.7" ,
"matchCriteriaId" : "B118EB53-4459-4817-8F74-002DBA4860DA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.10.0" ,
"versionEndExcluding" : "3.10.4" ,
"matchCriteriaId" : "F65FB74F-11AB-439B-9CF0-9F08E03E4083"
}
]
}
]
}
] ,
2023-12-21 23:00:28 +00:00
"references" : [
{
"url" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4" ,
2023-12-29 17:00:28 +00:00
"source" : "product-cna@github.com" ,
"tags" : [
"Release Notes"
]
2023-12-21 23:00:28 +00:00
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19" ,
2023-12-29 17:00:28 +00:00
"source" : "product-cna@github.com" ,
"tags" : [
"Release Notes"
]
2023-12-21 23:00:28 +00:00
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12" ,
2023-12-29 17:00:28 +00:00
"source" : "product-cna@github.com" ,
"tags" : [
"Release Notes"
]
2023-12-21 23:00:28 +00:00
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7" ,
2023-12-29 17:00:28 +00:00
"source" : "product-cna@github.com" ,
"tags" : [
"Release Notes"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Release Notes"
]
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Release Notes"
]
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Release Notes"
]
} ,
{
"url" : "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Release Notes"
]
2023-12-21 23:00:28 +00:00
}
]
}
