PT-2022-16241 · GitHub · GitHub Enterprise Server
Ahacker1 · Published 2022-11-01 · Updated 2022-11-02 · CVE-2022-23738
CVSS v3.1: 5.7 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitHub Enterprise Server versions prior to 3.6
Description
An improper cache key issue was identified that allowed unauthorized access to private repository files through a public repository. To exploit this, an actor would need to be authorized on the GitHub Enterprise Server instance, create a public repository, and have a site administrator visit a specially crafted URL.
Recommendations
For versions prior to 3.2.20, update to version 3.2.20 or later.
For versions prior to 3.3.15, update to version 3.3.15 or later.
For versions prior to 3.4.10, update to version 3.4.10 or later.
For versions prior to 3.5.7, update to version 3.5.7 or later.
For versions prior to 3.6.3, update to version 3.6.3 or later.
Fix
Information Disclosure
Files Accessible to External Parties
Related Identifiers
Affected Products
GitHub Enterprise Server