[PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission
Severity: Medium
Program: GitHub
Team Summary
Official summary from GitHub
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required `contents:write` and `issues:read` permissions. [CVE-2023-51379](https://nvd.nist.gov/vuln/detail/CVE-2023-51379)
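The defect in the summary is an authorization check that accepted the wrong scope for the operation: a token holding `contents:write` plus only `issues:read` was allowed to perform an issues write. The following is an added illustration, not GitHub's code: a constructed model of fine-grained token scopes in which a check with that defect sits beside a correctly scoped one, and an audit helper lists the tokens that only the flawed check would have allowed. The `Token` class, the operation names, the `REQUIRED` table and the sample tokens are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed model of fine-grained token scopes, written as "<resource>:<level>".
READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Token:
    """A personal access token with its granted scopes (constructed model)."""
    name: str
    scopes: frozenset

    def level(self, resource):
        """Return 'write', 'read', or None for the given resource."""
        if f"{resource}:{WRITE}" in self.scopes:
            return WRITE
        if f"{resource}:{READ}" in self.scopes:
            return READ
        return None


# Each operation names the one resource it touches and the level it needs
# (assumed mapping for this illustration, not GitHub's own policy table).
REQUIRED = {
    "issue_comment.update": ("issues", WRITE),
    "issue_comment.read": ("issues", READ),
    "contents.update": ("contents", WRITE),
}


def _satisfies(token, resource, level):
    """True if the token's grant on `resource` is at least `level`."""
    granted = token.level(resource)
    if level == READ:
        return granted in (READ, WRITE)
    return granted == WRITE


def authorize_flawed(token, operation):
    """Models the reported defect: an issue-comment update is accepted when the
    token holds contents:write and any issues scope, so write access on an
    unrelated resource substitutes for the missing issues:write."""
    if operation == "issue_comment.update":
        return token.level("contents") == WRITE and token.level("issues") is not None
    resource, level = REQUIRED[operation]
    return _satisfies(token, resource, level)


def authorize_fixed(token, operation):
    """Correct check: the required level is looked up for the resource the
    operation actually mutates, so no other scope can stand in for it."""
    resource, level = REQUIRED[operation]
    return _satisfies(token, resource, level)


def audit(tokens, operation):
    """Names of tokens the flawed check allows but the fixed check denies:
    the over-privileged grants that a correct scope check removes."""
    return [t.name for t in tokens
            if authorize_flawed(t, operation) and not authorize_fixed(t, operation)]


# Constructed sample tokens; "triage-bot" has the scope combination from the report.
TOKENS = [
    Token("triage-bot", frozenset({"issues:read", "contents:write"})),
    Token("issue-editor", frozenset({"issues:write"})),
    Token("reader", frozenset({"issues:read"})),
    Token("deployer", frozenset({"contents:write"})),
]

if __name__ == "__main__":
    for t in TOKENS:
        print(f"{t.name:13} flawed={authorize_flawed(t, 'issue_comment.update')!s:5} "
              f"fixed={authorize_fixed(t, 'issue_comment.update')}")
    print("over-privileged under the flawed check:", audit(TOKENS, "issue_comment.update"))
```

The point the audit makes visible is that only the `issues:read` + `contents:write` combination differs between the two checks: a token with `issues:write` passes both, and a token with `contents:write` alone is refused by both, which matches the summary's statement that repository content was never exposed.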
Reported by: archangel
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: Improper Access Control - Generic