VDB
CVE-2022-23738
CVE-2022-23738
PUBLISHED
Es existiert eine Schwachstelle in Microsoft GitHub Enterprise. Der Fehler basiert darauf, dass Daten von einem privaten Repository in ein öffentliches Repository übertragen werden können. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen. Zur erfolgreichen Ausnutzung muss ein Administrator einen speziell manipulierten Link anklicken.
EPSS 0.35% · 57.8th percentile
Risk Scores
EPSS Score
0.35%
57.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Amazon Linux 2 | |
| SUSE | SUSE Linux | |
| Fedora | Fedora Linux |
Exploit Intelligence
- https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.20 (circl)
- https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.15 (circl)
- https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.10 (circl)
- https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.7 (circl)
- https://docs.github.com/en/enterprise-server%403.6/admin/release-notes#3.6.3 (circl)
Timeline
- Nov 1, 2022 CVE Published
- Nov 2, 2022 EPSS Score
- Dec 15, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
- Jun 6, 2023 EPSS Score
- Jul 20, 2023 EPSS Score
- Sep 1, 2023 EPSS Score
- Oct 14, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1935.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1935 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-d1e9e62a92 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23738 advisory
- https://github.com/advisories/GHSA-wq4h-7r42-5hrr advisory
- https://github.com/advisories/GHSA-xh29-r2w5-wx8m advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012823.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012945.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012946.html advisory
- https://alas.aws.amazon.com/ALAS-2022-1648.html advisory