CVE-2023-23767 Information

Description

Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18 3.8.11 3.9.6 and 3.10.3.

Reference

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18 https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3