Authorization

2022-12-1419:15:00

PRIOn knowledge base

www.prio-n.com

authorization

github

vulnerability

token escalation

admin privileges

bug bounty program

0.002 Low

EPSS

Percentile

55.5%

JSON

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.

CPENameOperatorVersion
enterprise_serverge3.6.0
enterprise_serverlt3.6.5
enterprise_serverge3.5.0
enterprise_serverlt3.5.9
enterprise_serverge3.4.0
enterprise_serverlt3.4.12
enterprise_serverlt3.3.17

Name	Operator	Version
enterprise_server	ge	3.6.0
enterprise_server	lt	3.6.5
enterprise_server	ge	3.5.0
enterprise_server	lt	3.5.9
enterprise_server	ge	3.4.0
enterprise_server	lt	3.4.12
enterprise_server	lt	3.3.17

References

docs.github.com/en/[email protected]/admin/release-notes

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for PRION:CVE-2022-23741