CVE-2023-6803

CVSS 3.1 Score 4.0 of 10 (medium)

Details

Published Dec 21, 2023

Updated: Dec 29, 2023

CWE ID 367

Summary

CVE-2023-6803 is a race condition vulnerability affecting GitHub Enterprise Server. An outside collaborator was able to be added to a repository while it was being transferred, leading to unintended access. Impacting all versions from 3.8 to 3.11, this issue was resolved in 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Users are strongly advised to update their servers to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Github Enterprise Server

Affected Vendors

GitHub

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ty7fkH
https://www.cve.org/CVERecord?id=CVE-2023-6803
https://nvd.nist.gov/vuln/detail/CVE-2023-6803

Back to Vulnerability Database