CVE-2023-51380

LOW

GitHub Enterprise Server <3.7.19-3.11.1 - Auth Bypass

Title source: llm

Description

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

References (5)

Core 5

Core References

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7

Scores

CVSS v3 2.7

EPSS 0.0047

EPSS Percentile 36.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-863

Status published

Products (2)

github/enterprise_server 3.11.0

github/enterprise_server 3.7.0 - 3.7.19

Published Dec 21, 2023

Tracked Since Feb 18, 2026