Severity
Low
Analysis Summary
CVE-2023-6690
GitHub Enterprise Server could allow a remote authenticated attacker to gain elevated privileges on the system because of a race condition. By issuing a GraphQL mutation that alters repository permissions while a repository transfer is in progress, an attacker could exploit this vulnerability to maintain permissions on the transferred repositories.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-6690
Affected Vendors
GitHub
Affected Products
- GitHub Enterprise Server 3.9.6
- GitHub Enterprise Server 3.10.3
- GitHub Enterprise Server 3.11.0
- GitHub Enterprise Server 3.8.11
Remediation
Refer to the GitHub Docs website for patch, upgrade, or suggested workaround information.