One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8315146 |
| Date de publication | 2023-03-02 21:15:10 (vue: 2023-03-03 00:06:57) |
| Titre | CVE-2023-22381 |
| Texte | A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program. |
| Notes | |
| Envoyé | Oui |
| Condensat | 2023 22381 actions affected all allowed arbitrary attacker based bounty bug code control cve enterprise environment existing exploit fixed from github identified injection need permission prior program reported runner server setting single use using value variable variables versions vulnerability when windows would |
| Tags | Vulnerability |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.