cve-2022-23741
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 03:51
Severity ?
Summary
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
References
product-cna@github.comhttps://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17
product-cna@github.comhttps://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12
product-cna@github.comhttps://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9
product-cna@github.comhttps://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5
af854a3a-2127-422b-91ae-364da2661108https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17
af854a3a-2127-422b-91ae-364da2661108https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12
af854a3a-2127-422b-91ae-364da2661108https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9
af854a3a-2127-422b-91ae-364da2661108https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5
Impacted products
Vendor Product Version
GitHub GitHub Enterprise Server Version: 3.3   < 3.3.17
Version: 3.4   < 3.4.12
Version: 3.5   < 3.5.9
Version: 3.6   < 3.6.5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:51:46.025Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "GitHub Enterprise Server",
               vendor: "GitHub",
               versions: [
                  {
                     lessThan: "3.3.17",
                     status: "affected",
                     version: "3.3",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.4.12",
                     status: "affected",
                     version: "3.4",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.5.9",
                     status: "affected",
                     version: "3.5",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.6.5",
                     status: "affected",
                     version: "3.6",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Vaibhav Singh (@vaib25vicky)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-863",
                     description: "CWE-863",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-14T00:00:00",
            orgId: "82327ea3-741d-41e4-88f8-2cf9e791e760",
            shortName: "GitHub_P",
         },
         references: [
            {
               url: "https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17",
            },
            {
               url: "https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12",
            },
            {
               url: "https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9",
            },
            {
               url: "https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access",
      },
   },
   cveMetadata: {
      assignerOrgId: "82327ea3-741d-41e4-88f8-2cf9e791e760",
      assignerShortName: "GitHub_P",
      cveId: "CVE-2022-23741",
      datePublished: "2022-12-14T00:00:00",
      dateReserved: "2022-01-19T00:00:00",
      dateUpdated: "2024-08-03T03:51:46.025Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-23741\",\"sourceIdentifier\":\"product-cna@github.com\",\"published\":\"2022-12-14T19:15:10.143\",\"lastModified\":\"2024-11-21T06:49:13.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.\"},{\"lang\":\"es\",\"value\":\"Se identificó una vulnerabilidad de autorización incorrecta en GitHub Enterprise Server que permitió que un token de usuario a servidor con alcance escalara a privilegios completos de administrador/propietario. Un atacante requeriría una cuenta con acceso de administrador para instalar una aplicación GitHub maliciosa. Esta vulnerabilidad se solucionó en las versiones 3.3.17, 3.4.12, 3.5.9 y 3.6.5. Esta vulnerabilidad se informó a través del programa GitHub Bug Bounty.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3.17\",\"matchCriteriaId\":\"DE758FE9-09D3-4EB9-AC38-D867282F15BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.12\",\"matchCriteriaId\":\"0F3D1E90-878E-40C4-BF81-4875470E8E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.9\",\"matchCriteriaId\":\"84048F59-1F7B-40CF-8B8F-B74FE2F10A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.5\",\"matchCriteriaId\":\"73AE682C-600E-41D5-947D-4F69EEC202C8\"}]}]}],\"references\":[{\"url\":\"https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.