CVE-2023-51380
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2023-51380 is an authorization vulnerability affecting GitHub Enterprise Server. It enables unauthorized users to read issue comments using improperly scoped tokens. This issue impacted all versions of GitHub Enterprise Server starting from 3.7, and was resolved in subsequent updates, including 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Unauthorized access to issue comments can potentially lead to sensitive information disclosure or other malicious activities. Therefore, it is crucial for affected organizations to promptly apply the relevant patches to mitigate this risk.
Affected Products
- GitHub Enterprise Server
Affected Vendors
- GitHub