Vulnerabilities > CVE-2022-23741 - Incorrect Authorization vulnerability in Github Enterprise Server

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
github
CWE-863
NVD
Published: 2022-12-14
Updated: 2024-11-21

Summary

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.

Vulnerable Configurations

Part Description Count
Application
Github
657

Common Weakness Enumeration (CWE)

References