← Volver a CVEs

CVE-2023-6803

MEDIUM

5.8

Descripcion

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Detalles CVE

Puntuacion CVSS v3.15.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

Vector de ataqueLOCAL

ComplejidadHIGH

Privilegios requeridosHIGH

Interaccion usuarioREQUIRED

Publicado12/21/2023

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

github:enterprise_server

Debilidades (CWE)

CWE-367CWE-367

Referencias

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.