PT-2022-16240 · Github · Github Enterprise Server

Published

2022-12-01

·

Updated

2025-04-24

·

CVE-2022-23737

CVSS v3.1

6.5

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server, all versions prior to 3.7
Description: An improper privilege management issue allowed users without the required privileges to create or delete Pages via the API. To exploit it, an attacker must already be a collaborator on one of the organization's repositories with write permission; the flaw is that write permission was accepted where a higher privilege level should have been required. The issue was reported via the GitHub Bug Bounty program.
Recommendations: For versions prior to 3.2.20, update to 3.2.20 or later. For versions prior to 3.3.15, update to 3.3.15 or later. For versions prior to 3.4.10, update to 3.4.10 or later. For versions prior to 3.5.7, update to 3.5.7 or later. For versions prior to 3.6.3, update to 3.6.3 or later. Versions 3.7 and later are not affected. As a temporary workaround until the patch is applied, consider restricting API access for users who hold only write permission on repositories.
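The fixed releases above are per release series, so a single "is my version below X" check is not enough: a 3.4.11 install is patched while a 3.5.6 install, which sorts higher, is not. The following script is an added example (not part of this advisory or of GitHub's tooling) that encodes the fixed-version table from the Recommendations and classifies a GHES version string as fixed, vulnerable, or on a series for which no patched release is listed. The version strings fed to it at the bottom are constructed sample inputs.

```python
"""Classify a GitHub Enterprise Server version against the fixed releases
listed for CVE-2022-23737.

Added example; the fixed-version table below is transcribed from the
advisory's Recommendations, everything else is this script's own logic.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Release series (major, minor) -> first release in that series containing the fix.
FIXED_IN = {
    (3, 2): (3, 2, 20),
    (3, 3): (3, 3, 15),
    (3, 4): (3, 4, 10),
    (3, 5): (3, 5, 7),
    (3, 6): (3, 6, 3),
}

# 3.7 and later were never affected, so no patch level matters there.
FIRST_UNAFFECTED_SERIES = (3, 7)


def parse_version(text: str) -> Version:
    """Parse a GHES version such as '3.4.9' or 'v3.4.9' into (major, minor, patch).

    A missing patch component is treated as 0 so that a bare '3.6' is
    classified like 3.6.0 rather than rejected.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GHES version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def assess(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, upgrade_target) for a GHES version string.

    status is one of:
      'fixed'        - release already contains the fix (or series never affected)
      'vulnerable'   - release is below the fixed release of its series
      'unsupported'  - affected series (3.1 and earlier) with no patched
                       release listed in the advisory; move to a patched series
    upgrade_target is the fixed release to move to, or None if nothing applies.
    """
    version = parse_version(text)
    series = version[:2]

    if series >= FIRST_UNAFFECTED_SERIES:
        return "fixed", None

    fixed = FIXED_IN.get(series)
    if fixed is None:
        return "unsupported", None

    if version >= fixed:
        return "fixed", None
    return "vulnerable", ".".join(map(str, fixed))


if __name__ == "__main__":
    # Constructed sample inventory; replace with the output of your own
    # fleet inventory or the installed_version your instances report.
    for sample in ["3.6.2", "3.6.3", "3.5.6", "3.4.11", "3.2.19", "3.7.0", "3.1.5"]:
        status, target = assess(sample)
        print(f"{sample:>8}  {status:<12} {target or '-'}")
```

The comparison is done on the full (major, minor, patch) tuple only after the series has been matched, which is what makes 3.4.11 come out as fixed and 3.5.6 as vulnerable. Any instance classified as unsupported is still affected; the advisory lists no patched release for those series, so the remedy is an upgrade to one of the patched series.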

Fix

Weakness Enumeration

Improper Privilege Management (CWE-269)

Related Identifiers

CVE-2022-23737

Affected Products

Github Enterprise Server