View Repo and Title of Any Private Check Run
Medium
GitHub
Team Summary
Official summary from GitHub
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. [CVE-2023-46646](https://nvd.nist.gov/vuln/detail/CVE-2023-46646)
Reported by: ahacker1
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $4000.00
Submitted:
Weakness: Insecure Direct Object Reference (IDOR)