VYPR
Unrated severity · NVD Advisory · Published Dec 14, 2022 · Updated Apr 22, 2025

Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access

CVE-2022-23741

Description

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.

Affected products

2
  • GitHub/Enterprise Server (llm-fuzzy, 2 versions)
    • (no CPE) range: <3.3.17, >=3.3.0 <3.4.12, >=3.4.0 <3.5.9, >=3.5.0 <3.6.5
    • (no CPE) range: 3.3

References

4
