← Back to CVEs

CVE-2023-6802

HIGH

7.2

Description

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE Details

CVSS v3.1 Score7.2

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published12/21/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

github:enterprise_server

Weaknesses (CWE)

CWE-532CWE-532

References

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.