Security Advisory

CVE-2023-6804

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-21 20:45:34
Last updated 2024-11-27 18:41:27
Assigner GitHub_P
State PUBLISHED

Description

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token (PAT). To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1.