April 6, 2022
Severity
High
Analysis Summary
CVE-2022-23732
GitHub Enterprise Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a path traversal flaw that leads to a bypass of CSRF protections in the Management Console. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-23732
Affected Vendors
GitHub
Affected Products
- GitHub Enterprise Server 3.1
- GitHub Enterprise Server 3.2
- GitHub Enterprise Server 3.3
- GitHub Enterprise Server 3.4
Remediation
Refer to the GitHub website for patch, upgrade, or suggested workaround information.