
Cloud Vulnerability DB
A community-led vulnerabilities database
An improper access control vulnerability (CVE-2023-46646) was identified in GitHub Enterprise Server that allowed unauthorized users to view private repository names through the "Get a check run" API endpoint. The vulnerability affected all versions from 3.7.0 onward and was fixed in versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0. It exposed only repository names and did not grant access to any other repository content (NVD).
The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key) with a CVSS v3.1 Base Score of 5.3 (MEDIUM). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U) with low confidentiality impact (C:L) and no impact on integrity (I:N) or availability (A:N) (NVD).
The vulnerability's impact was limited to exposing private repository names through the "Get a check run" API endpoint. While sensitive information was disclosed, the scope was contained as it did not allow unauthorized access to any repository content beyond the name (NVD).
GitHub has addressed this vulnerability by releasing fixed versions. Users should upgrade to version 3.17.19, 3.8.12, 3.9.7, 3.10.4, or 3.11.0 depending on their current version track. The fix prevents unauthorized users from viewing private repository names through the affected API endpoint (NVD).
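To make the CWE-639 pattern concrete, here is an added, hypothetical Python model of a "get check run" lookup (not GitHub's code): the vulnerable handler echoes the owning repository's name for any caller-supplied check-run id, while the fixed handler authorizes the caller against that repository first and returns the same not-found result for missing ids and forbidden repositories. All repository names, ids and users below are constructed sample data.

```python
# Hypothetical model of the CWE-639 flaw behind CVE-2023-46646 (not GitHub's code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Repo:
    name: str
    private: bool
    collaborators: frozenset  # usernames allowed to read the repository


# Constructed sample data: one public and one private repository, one check run each.
REPOS = {
    10: Repo("acme/website", private=False, collaborators=frozenset({"alice"})),
    11: Repo("acme/secret-project", private=True, collaborators=frozenset({"alice"})),
}
CHECK_RUNS = {
    500: {"repo_id": 10, "name": "ci/build", "conclusion": "success"},
    501: {"repo_id": 11, "name": "ci/build", "conclusion": "failure"},
}


class NotFound(Exception):
    """Raised for unknown ids and, in the fixed handler, for repositories the caller may not read."""


def can_read(user, repo):
    """Public repositories are readable by anyone (user may be None); private ones only by collaborators."""
    return not repo.private or user in repo.collaborators


def get_check_run_vulnerable(user, check_run_id):
    """Authorization bypass: the record is fetched by the user-controlled id and the owning
    repository's name is returned before any access check on that repository is made."""
    run = CHECK_RUNS.get(check_run_id)
    if run is None:
        raise NotFound
    repo = REPOS[run["repo_id"]]
    return {"id": check_run_id, "name": run["name"], "repository": repo.name}


def get_check_run_fixed(user, check_run_id):
    """Resolve the owning repository and authorize the caller against it before returning
    anything. Forbidden and non-existent ids both raise NotFound, so the response does not
    even confirm that a private repository exists."""
    run = CHECK_RUNS.get(check_run_id)
    if run is None or not can_read(user, REPOS[run["repo_id"]]):
        raise NotFound
    repo = REPOS[run["repo_id"]]
    return {"id": check_run_id, "name": run["name"], "repository": repo.name}
```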
Source: This report was generated using AI