Lucene search
GitHub_PCVELIST:CVE-2022-23732HistoryApr 05, 2022 - 12:10 a.m.
CVE-2022-23732 Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections
2022-04-0500:10:11
CWE-23
GitHub_P
www.cve.org
A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"product": "GitHub Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"lessThan": "3.1.19",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.2.11",
"status": "affected",
"version": "3.2",
"versionType": "custom"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3",
"versionType": "custom"
},
{
"lessThan": "3.4.1",
"status": "affected",
"version": "3.4",
"versionType": "custom"
}
]
}
]Related
hackerone
hackerone
GitHub: CSRF protection bypass in GitHub Enterprise management console
2022-03-02 02:02:11
prion
prion
Path traversal
2022-04-05 00:15:00
nvd
nvd
CVE-2022-23732
2022-04-05 00:15:17
cve
cve
CVE-2022-23732
2022-04-05 00:15:17