An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. 
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-12-21T20:45:46.269Z

Updated: 2024-08-02T22:32:09.453Z

Reserved: 2023-12-18T17:47:35.907Z

Link: CVE-2023-51379

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-12-21T21:15:13.480

Modified: 2024-12-16T19:07:10.117

Link: CVE-2023-51379

cve-icon Redhat

No data.