Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-12-21T20:45:34.098Z
Updated: 2023-12-21T20:45:34.098Z
Reserved: 2023-12-13T19:26:47.233Z
Link: CVE-2023-6804
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-21T21:15:15.020
Modified: 2023-12-29T19:15:50.637
Link: CVE-2023-6804
JSON object: View
Redhat Information
No data.
CWE