Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-12-21T20:45:17.664Z

Updated: 2024-08-02T20:53:20.870Z

Reserved: 2023-10-24T13:41:13.389Z

Link: CVE-2023-46647

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-12-21T21:15:08.930

Modified: 2023-12-29T15:52:07.093

Link: CVE-2023-46647

cve-icon Redhat

No data.