{"vulnerability": "CVE-2022-2373", "sightings": [{"uuid": "cf17adb1-fd6f-4c01-a542-134697e67c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23738", "type": "seen", "source": "https://t.me/cibsecurity/52403", "content": "\u203c CVE-2022-23738 \u203c\n\nAn improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T21:18:57.000000Z"}, {"uuid": "94160bd0-633d-449e-894c-841d9aa9f057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23731", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1687", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aWAMpage - A WebOS root LPE exploit chain (CVE-2022-23731)\nURL\uff1ahttps://github.com/DavidBuchanan314/WAMpage\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-19T16:27:10.000000Z"}, {"uuid": "ec7f3f68-063c-422a-88f8-9ef4b4c4cf5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23734", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15752", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23734\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T14:50:32.354Z\n\ud83d\udd17 References:\n1. https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11\n2. https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6\n3. https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3\n4. https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16", "creation_timestamp": "2025-05-09T15:25:44.000000Z"}, {"uuid": "6b8ab5e8-c4fd-4c68-b881-48413f96d51e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23731", "type": "published-proof-of-concept", "source": "https://t.me/AnonCyberWarrior/603", "content": "CVE-2022-23731 : WAMpage - A WebOS root LPE exploit chain \n\nhttps://github.com/DavidBuchanan314/WAMpage\n\nT.me/AnonCyberWarrior", "creation_timestamp": "2022-11-08T21:14:56.000000Z"}, {"uuid": "eb2db79e-3133-4de9-92ef-9a2c585263c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23739", "type": "seen", "source": "https://t.me/cibsecurity/56607", "content": "\u203c CVE-2022-23739 \u203c\n\nAn incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-17T22:15:21.000000Z"}, {"uuid": "631192de-ff61-417d-9311-921e6d6f9d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23734", "type": "seen", "source": "https://t.me/cibsecurity/51783", "content": "\u203c CVE-2022-23734 \u203c\n\nA deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T18:15:19.000000Z"}, {"uuid": "a64d4509-80d5-4116-a168-835cac859202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2373", "type": "seen", "source": "https://t.me/cibsecurity/49002", "content": "\u203c CVE-2022-2373 \u203c\n\nThe Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-29T22:34:25.000000Z"}, {"uuid": "faf9ba23-d840-41a9-917d-2ebeb13412b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23731", "type": "seen", "source": "https://t.me/cibsecurity/38815", "content": "\u203c CVE-2022-23731 \u203c\n\nV8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-11T20:15:24.000000Z"}]}