First published: Fri Sep 01 2023
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to its upstream repository after the upstream's visibility was changed to private. It affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.6.18, 3.7.16, 3.8.9 and 3.9.4. The vulnerability was reported via the GitHub Bug Bounty program.
Credit: product-cna@github.com
Affected Software | Affected Version | How to fix
---|---|---
GitHub Enterprise Server | >=3.6.0, <3.6.18 | Update to 3.6.18
GitHub Enterprise Server | >=3.7.0, <3.7.16 | Update to 3.7.16
GitHub Enterprise Server | >=3.8.0, <3.8.9 | Update to 3.8.9
GitHub Enterprise Server | >=3.9.0, <3.9.4 | Update to 3.9.4
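The ranges above are per release series, so a plain "is my version below 3.9.4?" comparison gives the wrong answer for a 3.8.x or 3.6.x instance. The following is an added example, not code from SecAlerts or from GitHub: it encodes the table and the advisory's "all versions prior to 3.10.0" statement, and assesses a version string such as the `installed_version` value that a GitHub Enterprise Server instance returns from `GET /api/v3/meta` (the field name is taken from the GHES REST API documentation and is an assumption here; the sample responses in the block are constructed, not captured from a real instance). Series older than 3.6 have no patched release listed, so they are reported as affected with no in-series fix.

```python
"""Assess a GitHub Enterprise Server version against CVE-2023-23763.

Added example for this advisory; not SecAlerts' or GitHub's own tooling.
"""
from typing import NamedTuple, Optional, Tuple

# Patched release for each supported series, as listed in the advisory table.
FIXED_RELEASES = {
    (3, 6): (3, 6, 18),
    (3, 7): (3, 7, 16),
    (3, 8): (3, 8, 9),
    (3, 9): (3, 9, 4),
}
# The advisory states that all versions prior to 3.10.0 were affected.
FIRST_UNAFFECTED_SERIES = (3, 10)


class Assessment(NamedTuple):
    version: Tuple[int, int, int]
    affected: bool
    fixed_in: Optional[str]   # in-series release to upgrade to, if one exists
    reason: str


def fmt(v: Tuple[int, ...]) -> str:
    return ".".join(str(n) for n in v)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]'; a missing patch level means .0.

    Anything non-numeric is rejected rather than guessed at, so a garbled
    version string cannot silently come out as 'not affected'.
    """
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return (nums[0], nums[1], nums[2])


def assess(version_text: str) -> Assessment:
    """Decide whether the given GHES version is affected and what to upgrade to."""
    v = parse_version(version_text)
    series = (v[0], v[1])
    if series >= FIRST_UNAFFECTED_SERIES:
        return Assessment(v, False, None, "3.10.0 and later were never affected")
    fixed = FIXED_RELEASES.get(series)
    if fixed is None:
        # Older than 3.6: affected per the advisory, but no patched release
        # exists in that series, so the only fix is moving to a supported series.
        return Assessment(v, True, None,
                          "unsupported series with no patched release; "
                          "upgrade to a supported series")
    if v >= fixed:
        return Assessment(v, False, None, f"at or above patched release {fmt(fixed)}")
    return Assessment(v, True, fmt(fixed), f"upgrade to {fmt(fixed)}")


def assess_meta(meta: dict) -> Assessment:
    """Assess the JSON body of GET /api/v3/meta on a GHES instance.

    Assumption: the instance reports its version in 'installed_version'.
    """
    return assess(meta["installed_version"])


if __name__ == "__main__":
    # Constructed sample /meta responses (not captured from a real instance).
    samples = [
        {"installed_version": "3.9.3"},
        {"installed_version": "3.9.4"},
        {"installed_version": "3.6.17"},
        {"installed_version": "3.10.1"},
        {"installed_version": "3.5.12"},
    ]
    for meta in samples:
        a = assess_meta(meta)
        status = "AFFECTED" if a.affected else "not affected"
        print(f"{fmt(a.version):<8} {status:<13} {a.reason}")
```

After upgrading, the behaviour the advisory describes can be confirmed directly: with the upstream repository switched to private, a user who owns a fork but is not a collaborator on the upstream should no longer be able to read it through the web UI, `git fetch`, or the REST API.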
CVE-2023-23763 is an authorization/sensitive information disclosure vulnerability in GitHub Enterprise Server.
CVE-2023-23763 affects GitHub Enterprise Server 3.6.x before 3.6.18, 3.7.x before 3.7.16, 3.8.x before 3.8.9 and 3.9.x before 3.9.4 (and all earlier, unsupported series); 3.10.0 and later are not affected.
CVE-2023-23763 has a severity rating of 5.3 (Medium).
To fix CVE-2023-23763, update your GitHub Enterprise Server to version 3.6.18, 3.7.16, 3.8.9, or 3.9.4.
You can find more information about CVE-2023-23763 in the GitHub Enterprise Server release notes: [link1], [link2], [link3].