CVE-2023-6690 - OpenCVE

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Github	Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server::::::::
	cpe:2.3:a:github:enterprise_server:3.11.0:::::::*

No data.

References

Link	Providers
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-12-21T20:45:19.285Z

Updated: 2024-08-02T08:35:14.855Z

Reserved: 2023-12-11T17:06:22.719Z

Link: CVE-2023-6690

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-21T21:15:14.053

Modified: 2023-12-29T19:21:45.180

Link: CVE-2023-6690

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6690", "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "state": "PUBLISHED", "assignerShortName": "GitHub_P", "dateReserved": "2023-12-11T17:06:22.719Z", "datePublished": "2023-12-21T20:45:19.285Z", "dateUpdated": "2024-08-02T08:35:14.855Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Enterprise Server", "vendor": "GitHub", "versions": [{"changes": [{"at": "3.8.12", "status": "unaffected"}], "lessThanOrEqual": "3.8.11", "status": "affected", "version": "3.8", "versionType": "semver"}, {"changes": [{"at": "3.9.7", "status": "unaffected"}], "lessThanOrEqual": "3.9.6", "status": "affected", "version": "3.9", "versionType": "semver"}, {"changes": [{"at": "3.10.4", "status": "unaffected"}], "lessThanOrEqual": "3.10.3", "status": "affected", "version": "3.10", "versionType": "semver"}, {"changes": [{"at": "3.11.1", "status": "unaffected"}], "lessThanOrEqual": "3.11.0", "status": "affected", "version": "3.11", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "inspector-ambitious"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. <span style=\"background-color: var(--wht);\">This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.</span><br>"}], "value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\n"}], "impacts": [{"capecId": "CAPEC-29", "descriptions": [{"lang": "en", "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760", "shortName": "GitHub_P", "dateUpdated": "2023-12-21T20:45:19.285Z"}, "references": [{"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"}, {"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"}, {"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"}, {"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.855Z"}, "title": "CVE Program Container", "references": [{"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12", "tags": ["x_transferred"]}, {"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7", "tags": ["x_transferred"]}, {"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4", "tags": ["x_transferred"]}, {"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2", "versionEndExcluding": "3.8.12", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA", "versionEndExcluding": "3.9.7", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083", "versionEndExcluding": "3.10.4", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer.\u00a0This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.\n"}, {"lang": "es", "value": "Una condici\u00f3n de ejecuci\u00f3n en GitHub Enterprise Server permiti\u00f3 a un administrador existente mantener los permisos en los repositorios transferidos al realizar una mutaci\u00f3n GraphQL para alterar los permisos del repositorio durante la transferencia. Esta vulnerabilidad afect\u00f3 a GitHub Enterprise Server versi\u00f3n 3.8.0 y superiores y se solucion\u00f3 en las versiones 3.8.12, 3.9.7, 3.10.4 y 3.11.1."}], "id": "CVE-2023-6690", "lastModified": "2023-12-29T19:21:45.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.4, "source": "product-cna@github.com", "type": "Secondary"}]}, "published": "2023-12-21T21:15:14.053", "references": [{"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"}, {"source": "product-cna@github.com", "tags": ["Release Notes"], "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"}], "sourceIdentifier": "product-cna@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "product-cna@github.com", "type": "Secondary"}]}