TROYANOSYVIRUS
Volver a CVEs

CVE-2023-6804

MEDIUM
6.5

Descripcion

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Detalles CVE

Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado12/21/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

This product uses data from the NVD API but is not endorsed or certified by the NVD.