CVSS 3.1 Score 8.3 of 10 (high)


Published Dec 21, 2023
Updated: Dec 29, 2023
CWE ID 331


CVE-2023-46648 is an insufficient entropy vulnerability (CWE-331) that affected all versions of GitHub Enterprise Server (GHES) since 3.8. It allowed an attacker to brute force a user invitation to the GHES Management Console; exploitation required knowledge of a pending user invitation. The issue was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1 of GitHub Enterprise Server. The vulnerability was rated high, with a CVSS 3.1 base score of 8.3 out of 10 and high impacts on confidentiality, integrity and availability according to the CVSS vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.
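To check an inventory of GHES instances against the fixed releases listed above, the following added example (not GitHub's or Recorded Future's code) classifies each version by release branch. The hostnames and versions are constructed, and branches newer than 3.11 are reported as "not-listed" because this page gives no fixed release for them.

```python
import re

# Fixed release per branch, taken from the advisory text above.
FIXED_PATCH = {(3, 8): 12, (3, 9): 7, (3, 10): 4, (3, 11): 1}
FIRST_AFFECTED_BRANCH = (3, 8)  # "all versions ... since 3.8"


def parse_version(text):
    """Parse 'major.minor.patch' (optional leading 'v') into an int tuple."""
    match = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not match:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version):
    """Classify one GHES version for CVE-2023-46648."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    # Integer tuples compare numerically, so 3.10 sorts after 3.9
    # (a plain string comparison would get this wrong).
    if branch < FIRST_AFFECTED_BRANCH:
        return "not-affected"
    if branch in FIXED_PATCH:
        return "fixed" if patch >= FIXED_PATCH[branch] else "vulnerable"
    # Branch is newer than anything the advisory lists: do not guess.
    return "not-listed"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ghes-a.example.internal": "3.8.11",
    "ghes-b.example.internal": "3.9.10",
    "ghes-c.example.internal": "3.10.3",
    "ghes-d.example.internal": "3.11.1",
    "ghes-e.example.internal": "3.7.19",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```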
