CVE-2023-46647 – Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-46647
Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0. La administración inadecuada de privilegios en todas las versiones de GitHub Enterprise Server permite a los usuarios con acceso autorizado a la consola de administración con un rol de editor escalar sus privilegios al realizar solicitudes al endpoint utilizado para iniciar la instancia. Esta vulnerabilidad afectó a GitHub Enterprise Server versión 3.8.0 y superiores y se solucionó en las versiones 3.8.12, 3.9.6, 3.10.3 y 3.11.0. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6 • CWE-269: Improper Privilege Management •
CVE-2023-46646
https://notcve.org/view.php?id=CVE-2023-46646
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0. El control de acceso inadecuado en todas las versiones de GitHub Enterprise Server permite a usuarios no autorizados ver nombres de repositorios privados a través del endpoint API "Get a check run". Esta vulnerabilidad no permitía el acceso no autorizado a ningún contenido del repositorio además del nombre. • https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-23766 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23766
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de comparación incorrecta en GitHub Enterprise Server que permitía el contrabando de confirmaciones al mostrar una diferencia incorrecta en una Solicitud de Extracción reabierta. • https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1 https://docs.github.com/enterprise-server@3.6/admin/release-notes#3.6.17 https://docs.github.com/enterprise-server@3.7/admin/release-notes#3.7.15 https://docs.github.com/enterprise-server@3.8/admin/release-notes#3.8.8 https://docs.github.com/enterprise-server@3.9/admin/release-notes#3.9.3 • CWE-697: Incorrect Comparison •
CVE-2023-4501 – Authentication bypass in OpenText (Micro Focus) Enterprise Server
https://notcve.org/view.php?id=CVE-2023-4501
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. • https://portal.microfocus.com/s/article/KM000021287 • CWE-253: Incorrect Check of Function Return Value CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-358: Improperly Implemented Security Check for Standard •
CVE-2023-23763 – Information disclosure in GitHub Enterprise Server leading to private repository leakage
https://notcve.org/view.php?id=CVE-2023-23763
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de autorización/divulgación de información sensible en GitHub Enterprise Server que permitía a un fork conservar el acceso de lectura a un repositorio upstream después de cambiar su visibilidad a privada. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a la 3.10.0 y se solucionó en las versiones 3.9.4, 3.8.9, 3.7.16 y 3.6.18. • https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •