What is CVE-2023-46647?

CVE-2023-46647 is a high-severity vulnerability in Github Enterprise Server, classified under Improper Privilege Management. CVSS score: 8.0/10. Published 2023-12-21.

How severe is CVE-2023-46647?

High severity. CVSS v3 base score is 8.0 out of 10.

Privilege escalation in Github Enterprise Server

CVE-2023-46647

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapp…

Vulnerability class: Privilege Escalation

EPSS: 0.005 (66.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Github Enterprise Server — versions 3.8.0, 3.9.0, 3.10.0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

docs.github.com/en/enterprise-server@3.8/admin/release-notes
docs.github.com/en/enterprise-server@3.9/admin/release-notes
docs.github.com/en/enterprise-server@3.10/admin/release-notes
docs.github.com/en/enterprise-server@3.11/admin/release-notes

Frequently asked questions

What is CVE-2023-46647?: CVE-2023-46647 is a high-severity vulnerability in Github Enterprise Server, classified under Improper Privilege Management. CVSS score: 8.0/10. Published 2023-12-21.
How severe is CVE-2023-46647?: High severity. CVSS v3 base score is 8.0 out of 10.