An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content, as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-12-21T20:45:46.269Z
Updated: 2023-12-21T20:45:46.269Z
Reserved: 2023-12-18T17:47:35.907Z
Link: CVE-2023-51379
NVD Information
Status: Analyzed
Published: 2023-12-21T21:15:13.480
Modified: 2023-12-29T15:30:21.787
Link: CVE-2023-51379