CVE-2023-46647 - OpenCVE

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Github	Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::

References

Link	Resource
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3	Release Notes
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0	Release Notes
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12	Release Notes
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-12-21T20:45:17.664Z

Updated: 2023-12-21T20:45:17.664Z

Reserved: 2023-10-24T13:41:13.389Z

Link: CVE-2023-46647

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-21T21:15:08.930

Modified: 2023-12-29T15:52:07.093

Link: CVE-2023-46647

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46647", "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "state": "PUBLISHED", "assignerShortName": "GitHub_P", "dateReserved": "2023-10-24T13:41:13.389Z", "datePublished": "2023-12-21T20:45:17.664Z", "dateUpdated": "2023-12-21T20:45:17.664Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Enterprise Server", "vendor": "GitHub", "versions": [{"changes": [{"at": "3.8.12", "status": "unaffected"}], "lessThanOrEqual": "3.8.11", "status": "affected", "version": "3.8.0", "versionType": "semver"}, {"changes": [{"at": "3.9.6", "status": "unaffected"}], "lessThanOrEqual": "3.9.5", "status": "affected", "version": "3.9.0", "versionType": "semver"}, {"changes": [{"at": "3.10.3", "status": "unaffected"}], "lessThanOrEqual": "3.10.3", "status": "affected", "version": "3.10.0", "versionType": "semver"}, {"status": "unaffected", "version": "3.11.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Imre Rad"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. <span style=\"background-color: var(--wht);\">This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.</span>"}], "value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P", "dateUpdated": "2023-12-21T20:45:17.664Z"}, "references": [{"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"}, {"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6"}, {"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3"}, {"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2", "versionEndExcluding": "3.8.12", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "293B7C5B-C544-4426-A68E-F3FFB293CFBA", "versionEndExcluding": "3.9.6", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "226320D4-C315-4868-A1DB-1E5E53B7798F", "versionEndExcluding": "3.10.3", "versionStartIncluding": "3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0."}, {"lang": "es", "value": "La administraci\u00f3n inadecuada de privilegios en todas las versiones de GitHub Enterprise Server permite a los usuarios con acceso autorizado a la consola de administraci\u00f3n con un rol de editor escalar sus privilegios al realizar solicitudes al endpoint utilizado para iniciar la instancia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.6, 3.10.3 y 3.11.0."}], "id": "CVE-2023-46647", "lastModified": "2023-12-29T15:52:07.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "product-cna@github.com", "type": "Secondary"}]}, "published": "2023-12-21T21:15:08.930", "references": [{"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6"}], "sourceIdentifier": "product-cna@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "product-cna@github.com", "type": "Secondary"}]}