Severity: Unrated | NVD Advisory | Published Dec 14, 2022 | Updated Apr 22, 2025
Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
CVE-2022-23741
Description
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
Affected products
- (no CPE) range: <3.3.17, >=3.3.0 <3.4.12, >=3.4.0 <3.5.9, >=3.5.0 <3.6.5
- (no CPE) range: 3.3