An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-12-21T20:45:46.269Z
Updated: 2024-08-02T22:32:09.453Z
Reserved: 2023-12-18T17:47:35.907Z
Link: CVE-2023-51379
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-12-21T21:15:13.480
Modified: 2024-12-16T19:07:10.117
Link: CVE-2023-51379
Redhat
No data.