Published: 21/12/2023 Updated: 29/12/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an malicious user to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
github enterprise server
github enterprise server 3.11.0

LPE exploit for CVE-2023-36802

CVE-2023-36802 Local Privilege Escalation POC authors: chompie For demonstration purposes only Complete exploit works on vulnerable Windows 11 22H2 systems Adapting the exploit to all vulnerable systems is left as an exercise to the reader Git gud, etc Usage: Windows_MSKSSRV_LPE_CVE-2023-6802exe <pid> where <pid&

LPE exploit for CVE-2023-36802

CVE-2023-36802 Local Privilege Escalation POC authors: chompie For demonstration purposes only Complete exploit works on vulnerable Windows 11 22H2 systems Adapting the exploit to all vulnerable systems is left as an exercise to the reader Git gud, etc Usage: Windows_MSKSSRV_LPE_CVE-2023-6802exe <pid> where <pid&

CWE-532 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7 https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4 https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1 https://nvd.nist.gov https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802

CVE-2023-6802

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect