CVE-2022-23734

Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program.

Se ha identificado una vulnerabilidad de deserialización de datos no fiables en GitHub Enterprise Server que podría conllevar la ejecución de código remota en el SVNBridge. Para explotar esta vulnerabilidad, un atacante necesitaría conseguir acceso por medio de un ataque de tipo server-side request forgery (SSRF) que permitiría al atacante controlar los datos que están siendo de serializados. Esta vulnerabilidad afectaba a todas las versiones de GitHub Enterprise Server anteriores a v3.6 y fue corregida en versiones 3.5.3, 3.4.6, 3.3.11 y 3.2.16. Esta vulnerabilidad fue reportada por medio del programa GitHub Bug Bounty

*Credits: Alex Chapman

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-10-19 CVE Published
2024-08-03 CVE Updated
2024-09-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (4)

URL	Tag	Source
https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16
https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11
https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6
https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Github Search vendor "Github"		Enterprise Server Search vendor "Github" for product "Enterprise Server"				< 3.2.16 Search vendor "Github" for product "Enterprise Server" and version " < 3.2.16"		-		Affected
Github Search vendor "Github"		Enterprise Server Search vendor "Github" for product "Enterprise Server"				>= 3.3.0 < 3.3.11 Search vendor "Github" for product "Enterprise Server" and version " >= 3.3.0 < 3.3.11"		-		Affected
Github Search vendor "Github"		Enterprise Server Search vendor "Github" for product "Enterprise Server"				>= 3.4.0 < 3.4.6 Search vendor "Github" for product "Enterprise Server" and version " >= 3.4.0 < 3.4.6"		-		Affected
Github Search vendor "Github"		Enterprise Server Search vendor "Github" for product "Enterprise Server"				>= 3.5.0 < 3.5.3 Search vendor "Github" for product "Enterprise Server" and version " >= 3.5.0 < 3.5.3"		-		Affected