CVE-2023-51379

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read permissions. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Related Vulnerabilities

CVE-2017-6816

MEDIUM
CVSS:4.9(Medium)

In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.

CWE-8632017

CVE-2020-15120

MEDIUM
CVSS:4.9(Medium)

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be fur...

CWE-8632020

CVE-2020-26028

MEDIUM
CVSS:4.9(Medium)

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.

CWE-8632020

CVE-2021-22186

MEDIUM
CVSS:4.9(Medium)

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners

CWE-8632021

CVE-2021-22535

MEDIUM
CVSS:4.9(Medium)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could ...

CWE-8632021

CVE-2021-29158

MEDIUM
CVSS:4.9(Medium)

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.

CWE-8632021