PT-2022-16238 · Github · Github Enterprise Server
Published 2022-08-02 · Updated 2022-08-06
CVE-2022-23733
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.6
Description
A stored cross-site scripting (XSS) issue was identified in GitHub Enterprise Server that allowed an attacker to inject arbitrary attributes into rendered HTML. Exploitation was blocked by GitHub's Content Security Policy (CSP), which limits the practical impact of the injected attributes but does not remove the underlying output-encoding defect. The issue was reported via the GitHub Bug Bounty program.
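The advisory gives no detail on where the attributes were injected, so the following is an added, generic illustration rather than GitHub code: it shows the two layers the description refers to, an attribute-injection bug and the CSP that blocks the resulting inline handler. The template, the breakout payload and the CSP header strings are constructed for the example, and `renderAvatarUnsafe` / `renderAvatarSafe` / `cspAllowsInlineHandlers` are hypothetical names.

```javascript
// Added illustration for the advisory above (not GitHub Enterprise Server code).
// Shows why injecting arbitrary attributes is stored XSS, how output encoding
// fixes it, and why a CSP without 'unsafe-inline' blocks the injected handler.

// Vulnerable: an untrusted, stored value is interpolated into an attribute
// without escaping, so a quote in the value terminates the attribute.
function renderAvatarUnsafe(title) {
  return `<img src="/avatar.png" title="${title}">`;
}

// Hardened: escape the characters that can end or alter a quoted attribute
// value before interpolation. The attribute must also always be quoted.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}
function renderAvatarSafe(title) {
  return `<img src="/avatar.png" title="${escapeAttr(title)}">`;
}

// Small attribute extractor used only to inspect the two renderers' output
// (not a general HTML parser): returns the attribute names of the element.
function attributeNames(html) {
  const names = [];
  const re = /\s([a-zA-Z-]+)=("[^"]*"|'[^']*'|[^\s>]+)/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Would an injected onerror= handler run under this CSP? Inline event
// handlers require 'unsafe-inline' in script-src (default-src is the
// fallback), and a nonce or hash source in that directive makes CSP Level 2+
// browsers ignore 'unsafe-inline'. 'unsafe-hashes' (per-handler hashes) is
// not modelled here, since it only allows handlers whose hash is listed.
function cspAllowsInlineHandlers(csp) {
  const directives = new Map();
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (!sources) return true; // no script restriction at all
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed attribute-breakout payload: closes title="" and adds a handler.
const PAYLOAD = '" onerror="alert(1)';

// Constructed policies: the first still lets the injected handler run,
// the second (nonce-based) does not, even though 'unsafe-inline' is present.
const WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const STRICT_CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'";

console.log(attributeNames(renderAvatarUnsafe(PAYLOAD))); // src, title, onerror
console.log(attributeNames(renderAvatarSafe(PAYLOAD)));   // src, title
console.log(cspAllowsInlineHandlers(WEAK_CSP), cspAllowsInlineHandlers(STRICT_CSP));
```

The point of the pairing is the one the advisory makes implicitly: with the unsafe renderer the stored value becomes a third attribute (`onerror`), and only the policy decides whether it executes. The correct fix is the escaping in `renderAvatarSafe`; the CSP check is a way to confirm the safety net is actually in place, not a reason to skip the update.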
Recommendations
For versions prior to 3.3.11, update to version 3.3.11 or later.
For versions prior to 3.4.6, update to version 3.4.6 or later.
For versions prior to 3.5.3, update to version 3.5.3 or later.
Releases 3.6 and later are not affected. No configuration-level workaround is documented: GitHub's CSP blocked the injected attributes from executing script, but that is a mitigation rather than a fix, so updating to a fixed release is the recommended action.
Fix
XSS
Affected Products
Github Enterprise Server