← Zuruck zu CVEs
CVE-2022-46255
CRITICAL9.8
Beschreibung
An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/14/2022
Zuletzt geandert4/22/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
github:enterprise_server
Schwachen (CWE)
CWE-22CWE-22
Referenzen
https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1(product-cna@github.com)
https://docs.github.com/en/enterprise-server%403.7/admin/release-notes#3.7.1(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.