CVE-2023-6746

Published: Dic 21, 2023 Last Modified: Dic 16, 2024 EU-VD ID: EUVD-2023-58959 Aliases: GSD-2023-6746

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0018

Percentile

0,4th

Updated

EPSS Score Trend (Last 90 Days)

532

Insertion of Sensitive Information into Log File

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

Application

Enterprise Server by Github

Product Information

Vendor Github

Product Enterprise Server

Version Range Affected

From 3.7.0 (inclusive)

To 3.7.19 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Enterprise Server by Github

Product Information

Vendor Github

Product Enterprise Server

Version 3.11.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:github:enterprise_server:3.11.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Enterprise Server by Github

Product Information

Vendor Github

Product Enterprise Server

Version Range Affected

From 3.9.0 (inclusive)

To 3.9.7 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Enterprise Server by Github

Product Information

Vendor Github

Product Enterprise Server

Version Range Affected

From 3.8.0 (inclusive)

To 3.8.12 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Enterprise Server by Github

Product Information

Vendor Github

Product Enterprise Server

Version Range Affected

From 3.10.0 (inclusive)

To 3.10.4 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://docs.github.com/en/[email protected]/admin/rel…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4

https://docs.github.com/en/[email protected]/admin/rel…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1

https://docs.github.com/en/[email protected]/admin/rele…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19

https://docs.github.com/en/[email protected]/admin/rele…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12

https://docs.github.com/en/[email protected]/admin/rele…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7

https://docs.github.com/en/[email protected]/admin/rel…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.10.4

https://docs.github.com/en/[email protected]/admin/rel…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.11.1

https://docs.github.com/en/[email protected]/admin/rele…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.7.19

https://docs.github.com/en/[email protected]/admin/rele…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.8.12

https://docs.github.com/en/[email protected]/admin/rele…

Release Notes

https://docs.github.com/en/[email protected]/admin/release-notes#3.9.7

CVE-2023-6746

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Insertion of Sensitive Information into Log File

Common Consequences

Applicable Platforms

Enterprise Server by Github

Product Information

Enterprise Server by Github

Product Information

Enterprise Server by Github

Product Information

Enterprise Server by Github

Product Information

Enterprise Server by Github

Product Information

Iscriviti alla newsletter