[PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions
Medium
GitHub
Team Summary
Official summary from GitHub
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. [CVE-2023-51380](https://nvd.nist.gov/vuln/detail/CVE-2023-51380)
Reported by
archangel
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Access Control - Generic