How severe is CVE-2022-23738?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2022-23738?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-23738 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2012-1994

MEDIUM

CVSS:5.7(Medium)

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

CWE-2002012

CVE-2016-3037

MEDIUM

CVSS:5.7(Medium)

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X...

CWE-2002016

CVE-2016-5602

MEDIUM

CVSS:5.7(Medium)

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect...

CWE-2002016

CVE-2017-1214

MEDIUM

CVSS:5.7(Medium)

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

CWE-2002017

CVE-2017-20101

MEDIUM

CVSS:5.7(Medium)

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file ...

CWE-2002017

CVE-2017-3292

MEDIUM

CVSS:5.7(Medium)

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploi...

CWE-2002017