CVE-2022-23732
Severity: HIGH
GitHub Enterprise Server < 3.1.19 - Path Traversal and CSRF Bypass in Management Console
A path traversal vulnerability was identified in the GitHub Enterprise Server management console that allowed CSRF protections to be bypassed. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user who was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6 and 3.4.1. It was reported via the GitHub Bug Bounty program.
References (4)
- GitHub Enterprise Server 3.1.19 release notes: https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19
- GitHub Enterprise Server 3.2.11 release notes: https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11
- GitHub Enterprise Server 3.3.6 release notes: https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6
- GitHub Enterprise Server 3.4.1 release notes: https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1
Scores
- CVSS v3 base score: 8.8
- CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector: NETWORK
- EPSS: 0.0162
- EPSS Percentile: 72.9%
Details
- CWE: CWE-22, CWE-23
- Status: published
- Products (1): github/enterprise_server < 3.1.19
- Published: Apr 05, 2022
- Tracked Since: Feb 18, 2026