CVE-2023-6802: 
GitHub Enterprise Server vulnerability analysis and mitigation

CVE-2023-6802 is a vulnerability identified in GitHub Enterprise Server that involves the insertion of sensitive information into audit log files. The vulnerability was discovered and disclosed on December 21, 2023, affecting all versions of GitHub Enterprise Server since version 3.8. The issue was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1 (NVD).

The vulnerability is classified as an information disclosure issue (CWE-532) where sensitive information was inserted into the audit log files. The vulnerability has received a CVSS v3.1 base score of 7.2 (HIGH) from GitHub, with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while NIST assigned a score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability could allow an attacker to gain access to the management console of the GitHub Enterprise Server instance. This access could potentially lead to unauthorized administrative control of the server (NVD).

The vulnerability has been patched in GitHub Enterprise Server versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1. Organizations running affected versions should upgrade to the patched versions to mitigate this vulnerability (NVD).