CVE-2022-23741
Published: 2022-12-14
Priority: P3 (43)
Severity: high, CVSS 3.1 base score 7.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.10% (61.5th percentile)
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github | enterprise_server | < 3.3.17 | 3.3.17 |
| github | enterprise_server | >= 3.4.0 < 3.4.12 | 3.4.12 |
| github | enterprise_server | >= 3.5.0 < 3.5.9 | 3.5.9 |
| github | enterprise_server | >= 3.6.0 < 3.6.5 | 3.6.5 |
| github | github_enterprise_server | >= 3.3 < 3.3.17 | 3.3.17 |
| github | github_enterprise_server | >= 3.4 < 3.4.12 | 3.4.12 |
| github | github_enterprise_server | >= 3.5 < 3.5.9 | 3.5.9 |
| github | github_enterprise_server | >= 3.6 < 3.6.5 | 3.6.5 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17
- https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12
- https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9
- https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5