Lucene search
GitHub_PCVELIST:CVE-2022-46258HistoryJan 09, 2023 - 12:00 a.m.
CVE-2022-46258 Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope
2023-01-0900:00:00
CWE-863
GitHub_P
www.cve.org
github enterprise server
authorization
action workflow
workflow scope
vulnerability
repository
token
api
bug bounty
0.001 Low
EPSS
Percentile
47.4%
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.
CNA Affected
[
{
"vendor": "GitHub",
"product": "GitHub Enterprise Server",
"versions": [
{
"version": "3.3",
"status": "affected",
"lessThan": "3.3.16",
"versionType": "custom"
},
{
"version": "3.4",
"status": "affected",
"lessThan": "3.4.11",
"versionType": "custom"
},
{
"version": "3.5",
"status": "affected",
"lessThan": "3.5.8",
"versionType": "custom"
},
{
"version": "3.6",
"status": "affected",
"lessThan": "3.6.4",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-46258
2023-01-09 17:15:10
cve
cve
CVE-2022-46258
2023-01-09 17:15:10
prion
prion
Authorization
2023-01-09 17:15:00