CVE-2023-46649: 
GitHub Enterprise Server vulnerability analysis and mitigation

A race condition vulnerability (CVE-2023-46649) was identified in GitHub Enterprise Server that could allow an attacker administrator access. The vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. To exploit this vulnerability, an organization needs to be converted from a user (NVD).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367). The CVSS v3.1 base score is 7.0 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required, high attack complexity, low privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, the vulnerability could grant an attacker administrator access to the GitHub Enterprise Server instance, potentially compromising the entire system's security (NVD).

The vulnerability has been patched in GitHub Enterprise Server versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Organizations should upgrade to these or later versions to mitigate the vulnerability (GitHub Release Notes).