CVE-2023-46648

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 21, 2023

Updated: Dec 29, 2023

CWE ID 331

Summary

CVE-2023-46648 is a vulnerability affecting GitHub Enterprise Server (GHES) where an insufficient entropy issue was discovered. An attacker, with knowledge of a pending user invitation, could exploit this vulnerability to gain unauthorized access to the GHES Management Console through brute force methods. This issue affected all versions of GitHub Enterprise Server starting from 3.8 and was resolved in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1. The vulnerability was reported through the GitHub Bug Bounty program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Github Enterprise Server

Affected Vendors

GitHub

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwY6R
https://www.cve.org/CVERecord?id=CVE-2023-46648
https://nvd.nist.gov/vuln/detail/CVE-2023-46648

Back to Vulnerability Database