An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-12-21T20:46:07.362Z
Updated: 2024-08-02T08:42:07.604Z
Reserved: 2023-12-15T16:07:50.990Z
Link: CVE-2023-6847
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-12-21T21:15:15.340
Modified: 2023-12-29T19:13:35.857
Link: CVE-2023-6847
Redhat
No data.