Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens
CVE-2022-23739

9.8 CRITICAL

Key Information:

Vendor: GitHub
CVE Published: 17 January 2023

Summary

An incorrect authorization vulnerability in GitHub Enterprise Server allows privilege escalation through GraphQL API requests made by GitHub Apps using scoped user-to-server tokens. An app installed in an organization could read and modify various organization-level resources regardless of the permissions it had been granted. Repository-scoped resources, such as repository contents, specific projects, issues, and pull requests, were not affected. All versions prior to 3.7.1 are susceptible; the issue has been fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, and 3.7.1.
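The practical question for an operator is whether a given GHES release still lacks this fix. The following is an added example (not part of the advisory or GitHub's tooling) that triages inventoried version strings against the fixed releases named above; the version list it runs on is constructed, not real hosts.

```python
# Added example (not from the advisory): check whether a GitHub Enterprise
# Server version string is affected by CVE-2022-23739, using the fixed
# releases listed in the advisory text.

# Fixed release per minor branch, as stated in the advisory summary.
FIXED_RELEASES = {
    (3, 3): (3, 3, 16),
    (3, 4): (3, 4, 11),
    (3, 5): (3, 5, 8),
    (3, 6): (3, 6, 4),
    (3, 7): (3, 7, 1),
}
# The advisory states that every release prior to 3.7.1 is affected, so a
# branch with no listed fix (e.g. 3.2.x) is treated as vulnerable.
FIRST_CLEAN_RELEASE = (3, 7, 1)


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a GHES version such as '3.5.7' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """Return True if the given GHES release lacks the fix for CVE-2022-23739."""
    v = parse_version(version)
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is not None:
        return v < fixed            # patched branch: compare with its fix release
    return v < FIRST_CLEAN_RELEASE  # no fix on this branch: vulnerable below 3.7.1


def triage(versions: list[str]) -> dict[str, bool]:
    """Map each inventoried instance version to its affected status."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, hit in triage(["3.5.7", "3.5.8", "3.2.9", "3.7.1", "3.8.0"]).items():
        print(f"{ver}: {'AFFECTED' if hit else 'patched'}")
```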

Affected Version(s)

GitHub Enterprise Server 3.3 < 3.3.16

GitHub Enterprise Server 3.4 < 3.4.11

GitHub Enterprise Server 3.5 < 3.5.8

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Credit

ahacker1