// For flags

CVE-2023-51380

Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitía leer los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad afectó a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucionó en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1.

*Credits: Douglas Day
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-18 CVE Reserved
  • 2023-12-21 CVE Published
  • 2023-12-30 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-863: Incorrect Authorization
CAPEC
  • CAPEC-114: Authentication Abuse
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Github
Search vendor "Github"
Enterprise Server
Search vendor "Github" for product "Enterprise Server"
>= 3.7.0 < 3.17.19
Search vendor "Github" for product "Enterprise Server" and version " >= 3.7.0 < 3.17.19"
-
Affected
Github
Search vendor "Github"
Enterprise Server
Search vendor "Github" for product "Enterprise Server"
>= 3.8.0 < 3.8.12
Search vendor "Github" for product "Enterprise Server" and version " >= 3.8.0 < 3.8.12"
-
Affected
Github
Search vendor "Github"
Enterprise Server
Search vendor "Github" for product "Enterprise Server"
>= 3.9.0 < 3.9.7
Search vendor "Github" for product "Enterprise Server" and version " >= 3.9.0 < 3.9.7"
-
Affected
Github
Search vendor "Github"
Enterprise Server
Search vendor "Github" for product "Enterprise Server"
>= 3.10.0 < 3.10.4
Search vendor "Github" for product "Enterprise Server" and version " >= 3.10.0 < 3.10.4"
-
Affected
Github
Search vendor "Github"
Enterprise Server
Search vendor "Github" for product "Enterprise Server"
3.11.0
Search vendor "Github" for product "Enterprise Server" and version "3.11.0"
-
Affected