What is CVE-2023-23761?

CVE-2023-23761 is a high-severity vulnerability in Github Enterprise Server, classified under Improper Authentication. CVSS score: 7.7/10. Published 2023-04-07.

How severe is CVE-2023-23761?

High severity. CVSS v3 base score is 7.7 out of 10.

Auth bypass in Github Enterprise Server

CVE-2023-23761

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know…

Vulnerability class: Broken Authentication

EPSS: 0.001 (31.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

Github Enterprise Server — versions 3.4.0, 3.5.0, 3.6.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

docs.github.com/en/enterprise-server@3.8/admin/release-notes
docs.github.com/en/enterprise-server@3.7/admin/release-notes
docs.github.com/en/enterprise-server@3.6/admin/release-notes
docs.github.com/en/enterprise-server@3.5/admin/release-notes
docs.github.com/en/enterprise-server@3.4/admin/release-notes

Frequently asked questions

What is CVE-2023-23761?: CVE-2023-23761 is a high-severity vulnerability in Github Enterprise Server, classified under Improper Authentication. CVSS score: 7.7/10. Published 2023-04-07.
How severe is CVE-2023-23761?: High severity. CVSS v3 base score is 7.7 out of 10.