Unrated severity · NVD Advisory · Published Dec 21, 2023 · Updated Nov 27, 2024

Improper Privilege Management allows for arbitrary workflows to be run

CVE-2023-6804

Description

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token (PAT). To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Affected products

  • GitHub Enterprise Server (2 versions)
    • (no CPE) range: >=3.8, <3.8.12 || >=3.9, <3.9.7 || >=3.10, <3.10.4 || >=3.11, <3.11.1
    • (no CPE) range: 3.8.0
