GitHub Enterprise Server 3.7.0
cpe:2.3:a:github:enterprise_server:3.7.0:*:*:*:*:*:*:*
part: a version: 3.7.0 update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | Enterprise Server (be636c4e-08d4-5a4d-9a30-88523db2c7b7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-46255 | vulnerable | 2026-06-03 14:48:25.757411 | Improper Limitation of a Pathname to a Restricted Directory in GitHub Enterprise Server leading to RCE. An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. Published: 2022-12-14T00:00:00.000Z. Updated: 2025-04-22T15:58:08.645Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-23740 | vulnerable | 2026-06-03 14:46:28.183786 | Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution. CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. Published: 2022-11-23T00:00:00.000Z. Updated: 2025-04-28T14:18:58.847Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-23739 | vulnerable | 2026-06-03 14:46:28.183347 | Incorrect authorization check in GitHub Enterprise Server leading to escalation of privileges in GraphQL API requests from GitHub Apps using scoped user-to-server tokens. An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that are not tied to a repository regardless of granted permissions, such as users and organization-wide projects. Resources associated with repositories were not impacted, such as repository file content, repository-specific projects, issues, or pull requests. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7.1 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, 3.6.4, 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. Published: 2023-01-17T00:00:00.000Z. Updated: 2025-04-08T20:17:33.773Z | Imported from gcve-enriched-dumps CVE data |