Lucene search
GitHub_PCVELIST:CVE-2022-23740HistoryNov 23, 2022 - 12:00 a.m.
CVE-2022-23740 Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution
2022-11-2300:00:00
CWE-88
GitHub_P
www.cve.org
1
cve-2022-23740
remote code execution
github enterprise server
command vulnerability
github actions
github bug bounty
0.002 Low
EPSS
Percentile
60.6%
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"vendor": "GitHub",
"product": "GitHub Enterprise Server",
"versions": [
{
"version": "3.7",
"status": "affected",
"lessThan": "3.7.1",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-11-23 18:15:00
cve
cve
CVE-2022-23740
2022-11-23 18:15:11
nvd
nvd
CVE-2022-23740
2022-11-23 18:15:11