An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-04-07T18:41:47.038Z
Updated: 2023-04-18T15:00:56.300Z
Reserved: 2023-01-17T20:40:37.553Z
Link: CVE-2023-23761
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-07T19:15:06.980
Modified: 2023-04-18T16:15:08.930
Link: CVE-2023-23761
JSON object: View
Redhat Information
No data.
CWE