Merge pull request github#30793 from github/repo-sync

Repo sync
OwaisAzad · Dec 21, 2023 · b00bb74 · b00bb74
2 parents eb4155e + f8ff144
commit b00bb74
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 65 deletions.
diff --git a/data/release-notes/enterprise-server/3-10/4.yml b/data/release-notes/enterprise-server/3-10/4.yml
@@ -12,17 +12,25 @@ sections:
       
       This vulnerability would allow unauthenticated attackers to gain access to various types of resources set as public on the instance. To exploit this vulnerability, an attacker would need network access to the GitHub Enterprise Server instance configured in private mode. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-6847](https://www.cve.org/cverecord?id=CVE-2023-6847).
     - |
-      **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://nvd.nist.gov/vuln/detail/CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+      **HIGH**: An attacker with access to a Management Console user account with the editor role could escalate privileges by making requests to the endpoint used for bootstrapping the instance, and then reset the root site administrator password. GitHub has requested CVE ID [CVE-2023-46647](https://www.cve.org/cverecord?id=CVE-2023-46647) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
     - |
-      **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://nvd.nist.gov/vuln/detail/CVE-2023-6746) for this vulnerability. 
+      **HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46645](https://www.cve.org/cverecord?id=CVE-2023-46645). 
     - |
-      **MEDIUM:** Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648). 
+      **MEDIUM**: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server backend service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6746](https://www.cve.org/cverecord?id=CVE-2023-6746) for this vulnerability. 
     - |
-      **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://nvd.nist.gov/vuln/detail/CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+      **MEDIUM**: Due to an insufficient entropy vulnerability, an attacker could brute force a user invitation to the Management Console. To exploit this vulnerability, an attacker would have needed knowledge that a user invitation was pending. This vulnerability was reported via the [GitHub Bug Bounty](https://bounty.github.com/) program and assigned [CVE-2023-46648](https://www.cve.org/CVERecord?id=CVE-2023-46648). 
     - |
-      **MEDIUM:** An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://nvd.nist.gov/vuln/detail/CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+      **MEDIUM**: An attacker could maintain admin access via a race condition when an organization was converted from a user. GitHub has requested CVE ID [CVE-2023-46649](https://www.cve.org/cverecord?id=CVE-2023-46649) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
     - |
-      **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token. To exploit this, a workflow must have already existed in the target repository. GitHub has requested CVE ID [CVE-2023-6804](https://nvd.nist.gov/vuln/detail/CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+      **MEDIUM**: Due to an improper access control, an attacker could view private repository names by enumerating check run IDs with the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content other than the name. GitHub has requested CVE ID [CVE-2023-46646](https://www.cve.org/cverecord?id=CVE-2023-46646) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+    - |
+      **MEDIUM**: An attacker could maintain admin access to a transferred repository in a race condition by making a GraphQL mutation to alter repository permissions during the transfer. GitHub has requested CVE ID [CVE-2023-6690](https://www.cve.org/cverecord?id=CVE-2023-6690) for this vulnerability, which reported via the [GitHub Bug Bounty program](https://bounty.github.com/). 
+    - |
+      **MEDIUM**: An insertion of sensitive information into log file in the audit log in GitHub Enterprise Server was identified that that could allow an attacker to gain access to the Management Console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server instance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. GitHub has requested CVE ID [CVE-2023-6802](https://www.cve.org/CVERecord?id=CVE-2023-6802) for this vulnerability.
+    - |
+      **MEDIUM**: A race condition in GitHub Enterprise Server allowed an outside collaborator to be added while a repository is being transferred. GitHub has requested CVE ID [CVE-2023-6803](https://www.cve.org/cverecord?id=CVE-2023-6803) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
+    - |
+      **MEDIUM**: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped personal access token. To exploit this, a workflow must have already existed in the target repository. GitHub has requested CVE ID [CVE-2023-6804](https://www.cve.org/cverecord?id=CVE-2023-6804) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/).
     - |
       **MEDIUM**: An incorrect authorization vulnerability was identified that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents.write` and `issues.read` permissions. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-51379](https://www.cve.org/CVERecord?id=CVE-2023-51379). 
     - |