CVE-2023-51380

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 21, 2023
Updated: Dec 16, 2024
CWE ID 863

Summary

CVE-2023-51380 is an authorization vulnerability affecting GitHub Enterprise Server. It enables unauthorized users to read issue comments using improperly scoped tokens. This issue impacted all versions of GitHub Enterprise Server starting from 3.7, and was resolved in subsequent updates, including 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Unauthorized access to issue comments can potentially lead to sensitive information disclosure or other malicious activities. Therefore, it is crucial for affected organizations to promptly apply the relevant patches to mitigate this risk.

Affected Products

  • GitHub Enterprise Server

Affected Vendors

  • GitHub