CVE-2023-46647: 
GitHub Enterprise Server vulnerability analysis and mitigation

Improper privilege management in GitHub Enterprise Server (CVE-2023-46647) allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in versions 3.8.12, 3.9.6, 3.10.3, and 3.11.0 (NVD).

The vulnerability is classified as an Improper Privilege Management (CWE-269) issue. It has a CVSS v3.1 Base Score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) according to NVD's assessment, while GitHub's assessment rates it at 8.0 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) (NVD).

The vulnerability allows users with editor role access to the management console to elevate their privileges, potentially gaining higher levels of access than intended. This could lead to unauthorized access to sensitive system functions and data, with high impacts on confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been fixed in GitHub Enterprise Server versions 3.8.12, 3.9.6, 3.10.3, and 3.11.0. Users should upgrade to these or later versions to mitigate the vulnerability (GitHub Release Notes).