CVE-2023-23767 in GitHub
Summary
by MITRE • 10/25/2023
Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.
Analysis
by VulDB Data Team • 10/25/2023
CVE-2023-23767 is a critical permission assignment flaw in GitHub Enterprise Server that compromised the security of its database credentials. Configuration files containing MySQL connection details, including the password stored in plaintext, were readable by local operating system user accounts. An attacker who already had local system access could therefore read these files and obtain the database credentials, which turns a low-privileged local account into a severe privilege escalation vector. The defect was not in the credentials themselves but in the file permissions assigned to the sensitive configuration files that held them.
The root cause is inadequate access control on the configuration files within the GitHub Enterprise Server infrastructure. When files containing MySQL connection parameters were created or modified, they were not given restrictive permissions that would prevent unauthorized local users from reading their contents. The database credentials were thus exposed outside the security boundary that should have protected them. This is a failure of the principle of least privilege: sensitive operational data was accessible to users who had no legitimate need for it.
The operational impact for organizations running GitHub Enterprise Server is significant. A local user who gains access to the system by any means can immediately retrieve the database password and connection details, establish unauthorized database connections, and carry out actions such as data exfiltration, modification of repository data, or complete database compromise. The damage extends beyond the stolen credential itself: the database holds user accounts, repository contents, and system configuration information, any of which could support further attacks.
Remediation required upgrading GitHub Enterprise Server to version 3.7.18, 3.8.11, 3.9.6, or 3.10.3. These releases apply proper file access controls to the configuration files that hold database credentials, and organizations should upgrade to a patched version immediately. The weakness is classified as CWE-732, Incorrect Permission Assignment for Critical Resource, which covers the failure to assign appropriate permissions to critical system resources and is a clear violation of the principle that sensitive data must be protected by suitable access controls. In MITRE ATT&CK terms the issue falls under the credential access and privilege escalation domains: a local attacker holding the recovered credentials could reach the database, move laterally within the system, and establish persistent access through database compromise. The case underscores the importance of sound file system permission practices and of regular audits of configuration file permissions in enterprise software deployments.
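The analysis above describes the defect as configuration files that were created without restrictive permissions, and it closes by recommending regular audits of configuration file permissions. The following Python script is an added example of both points; it is not GitHub's code and it does not use GitHub Enterprise Server's real file paths. The directory layout, file names (db.conf, app.conf, new.conf) and the credential-key pattern are constructed for the demonstration. It audits a directory for files that look like they hold database credentials and are group- or world-readable, tightens them to 0600, and shows how to create a new credential file with 0600 from the first instant rather than writing it and chmod-ing it afterwards, which leaves a window where the file is readable by other local users.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Constructed pattern: lines that assign a value to a password-like key.
# Real deployments would tune this to the configuration formats they use.
CREDENTIAL_KEYS = re.compile(
    r"^\s*(mysql[-_]?password|password|db[-_]?pass\w*)\s*[:=]",
    re.IGNORECASE | re.MULTILINE,
)


def is_group_or_world_readable(path: Path) -> bool:
    """True if any user other than the owner may read the file (POSIX mode bits)."""
    mode = path.stat().st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def contains_credentials(path: Path) -> bool:
    """Heuristic: does the file contain a password-style key assignment?"""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return False
    return CREDENTIAL_KEYS.search(text) is not None


def audit_config_dir(root: Path) -> list[dict]:
    """Return every regular file under root that holds credentials and is readable by others."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.is_symlink():
            continue
        if contains_credentials(path) and is_group_or_world_readable(path):
            findings.append({
                "path": str(path),
                "mode": oct(stat.S_IMODE(path.stat().st_mode)),
            })
    return findings


def restrict_permissions(path: Path) -> int:
    """Remediate an existing over-permissive file: owner read/write only."""
    path.chmod(0o600)
    return stat.S_IMODE(path.stat().st_mode)


def write_secret_file(path: Path, content: str) -> int:
    """Create a credential file that is never readable by others.

    O_CREAT|O_EXCL with mode 0o600 sets the permissions atomically at creation,
    so there is no interval in which a default (e.g. 0644) mode is in effect.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    return stat.S_IMODE(path.stat().st_mode)


def demo() -> dict:
    """Build a constructed config directory, audit it, fix it, and re-audit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)

        # Constructed sample: a world-readable file holding a DB password.
        bad = root / "db.conf"
        bad.write_text("host = 127.0.0.1\nmysql_password = example-not-a-real-secret\n")
        bad.chmod(0o644)

        # Constructed sample: a world-readable file with no credentials (should not be flagged).
        ok = root / "app.conf"
        ok.write_text("log_level = info\n")
        ok.chmod(0o644)

        before = audit_config_dir(root)
        fixed_mode = restrict_permissions(bad)
        after = audit_config_dir(root)
        safe_mode = write_secret_file(root / "new.conf", "password = placeholder\n")

        return {
            "before": [Path(f["path"]).name for f in before],
            "after": [Path(f["path"]).name for f in after],
            "fixed_mode": fixed_mode,
            "safe_mode": safe_mode,
        }


if __name__ == "__main__":
    print(demo())
```

The audit is deliberately stat-based rather than "try to open the file as another user", so it gives the same answer whether it runs as root or as an unprivileged account. On a live host the same first pass can be done with GNU find, for example `find <config-dir> -type f -perm /g+r,o+r`, with the content check applied to whatever that returns.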