CVE-2022-23740

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
Configurations

Configuration 1 (hide)

cpe:2.3:a:github:enterprise_server:3.7.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:44

Type Values Removed Values Added
References
  • {'url': 'https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1', 'name': 'https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1', 'tags': ['Release Notes', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1 -

30 Nov 2022, 18:11

Type Values Removed Values Added
First Time Github
Github enterprise Server
References (MISC) https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1 - (MISC) https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1 - Release Notes, Third Party Advisory
CPE cpe:2.3:a:github:enterprise_server:3.7.0:*:*:*:*:*:*:*
CWE CWE-88
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

23 Nov 2022, 18:32

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-23 18:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-23740

Mitre link : CVE-2022-23740

CVE.ORG link : CVE-2022-23740


JSON object : View

Products Affected

github

  • enterprise_server
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')