CVE-2023-51379: 
GitHub Enterprise Server vulnerability analysis and mitigation

An incorrect authorization vulnerability (CVE-2023-51379) was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. The vulnerability was reported through the GitHub Bug Bounty Program (NVD).

The vulnerability is classified as an incorrect authorization issue (CWE-863) with a CVSS v3.1 base score of 4.9 (MEDIUM). The attack vector is network-based (AV:N), requires low attack complexity (AC:L), high privileges (PR:H), and no user interaction (UI:N). The scope is unchanged (S:U) with no impact on confidentiality (C:N), high impact on integrity (I:H), and no impact on availability (A:N) (NVD).

The vulnerability's impact was limited as it did not allow unauthorized access to any repository content, as it also required contents:write and issues:read permissions to be exploited (NVD).

The vulnerability has been fixed in GitHub Enterprise Server versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Users should upgrade to these or later versions to mitigate the vulnerability (GitHub Release Notes).