← Back to CVEs

CVE-2023-6803

MEDIUM

5.8

Description

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

CVE Details

CVSS v3.1 Score5.8

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

Attack VectorLOCAL

ComplexityHIGH

Privileges RequiredHIGH

User InteractionREQUIRED

Published12/21/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

github:enterprise_server

Weaknesses (CWE)

CWE-367CWE-367

References

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(product-cna@github.com)

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12(af854a3a-2127-422b-91ae-364da2661108)

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.