← Volver a CVEs
CVE-2023-6802
HIGH7.2
Descripcion
An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado12/21/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
github:enterprise_server
Debilidades (CWE)
CWE-532CWE-532
Referencias
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(product-cna@github.com)
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(product-cna@github.com)
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(product-cna@github.com)
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(product-cna@github.com)
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(af854a3a-2127-422b-91ae-364da2661108)
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(af854a3a-2127-422b-91ae-364da2661108)
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(af854a3a-2127-422b-91ae-364da2661108)
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.