CVE-2023-51380

{"id": "CVE-2023-51380", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-12-21T21:15:13.757", "references": [{"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token.\u00a0This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n incorrecta en GitHub Enterprise Server que permit\u00eda leer los comentarios del problema con un token con un alcance incorrecto. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server desde la 3.7 y se solucion\u00f3 en las versiones 3.17.19, 3.8.12, 3.9.7, 3.10.4 y 3.11.1."}], "lastModified": "2024-12-16T19:07:20.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C219467-E463-4C59-AAD7-8BECDA8AA1AE", "versionEndExcluding": "3.7.19", "versionStartIncluding": "3.7.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D983FF-FDDE-484C-AA34-31EB52E25EC2", "versionEndExcluding": "3.8.12", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B118EB53-4459-4817-8F74-002DBA4860DA", "versionEndExcluding": "3.9.7", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F65FB74F-11AB-439B-9CF0-9F08E03E4083", "versionEndExcluding": "3.10.4", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC723276-C3EE-4F79-857A-3A5C078C33E2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}