How severe is CVE-2023-6847?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-6847?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2023-6847 - HIGH Severity | CVSS 7.5

Vulnerability Description

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2002-2438

HIGH

CVSS:7.5(High)

TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.

CWE-2872002

CVE-2009-0130

HIGH

CVSS:7.5(High)

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate cha...

CWE-2872009

CVE-2011-2054

HIGH

CVSS:7.5(High)

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is ...

CWE-2872011

CVE-2012-3824

HIGH

CVSS:7.5(High)

In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.

CWE-2872012

CVE-2013-1391

HIGH

CVSS:7.5(High)

Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configu...

CWE-2872013

CVE-2013-2569

HIGH

CVSS:7.5(High)

A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to...

CWE-2872013