CVE-2023-6746
HIGH
GitHub Enterprise Server < 3.7.19 - Log Information Exposure
An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary-in-the-middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Scores
CVSS v3
8.1
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-532
Status
published
Products (2)
github/enterprise_server
3.11.0
github/enterprise_server
3.7.0 - 3.7.19
Published
Dec 21, 2023
Tracked Since
Feb 18, 2026