Severity
High
Analysis Summary
CVE-2023-46647 CVSS:9
GitHub Enterprise Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending specially crafted requests to the endpoint used for bootstrapping the instance, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-6746 CVSS:8.1
GitHub Enterprise Server could allow a remote authenticated attacker to obtain sensitive information, caused by the insertion of sensitive information into a log file in a backend service. By accessing the log files, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2023-46647
- CVE-2023-6746
Affected Vendors
Affected Products
- GitHub Enterprise Server 3.7.5
- GitHub Enterprise Server 3.9.6
- GitHub Enterprise Server 3.10.3
- GitHub Enterprise Server 3.11.0
- GitHub Enterprise Server 3.8.11
- GitHub Enterprise Server 3.7.18
- GitHub Enterprise Server 3.7.0
Remediation
Upgrade to the latest version of GitHub Enterprise Server, available from the GitHub Website.