CVE-2022-23740: 
GitHub Enterprise Server vulnerability analysis and mitigation

A critical vulnerability (CVE-2022-23740) was identified in GitHub Enterprise Server version 3.7.0, involving improper neutralization of argument delimiters in commands that could enable remote code execution. The vulnerability was discovered through the GitHub Bug Bounty program and was subsequently fixed in version 3.7.1. This security issue specifically affected organizations using GitHub Enterprise Server 3.7.0 and required the attacker to have permissions for creating and building GitHub Pages using GitHub Actions (CVE Details).

The vulnerability is classified as CWE-88, which relates to argument injection or modification. The issue stems from improper neutralization of argument delimiters in commands within the GitHub Enterprise Server environment, specifically affecting the GitHub Pages building process through GitHub Actions (NVD CNA).

If successfully exploited, this vulnerability could lead to remote code execution on affected GitHub Enterprise Server instances. The impact is particularly significant for organizations using version 3.7.0 of GitHub Enterprise Server where attackers with appropriate permissions could potentially execute arbitrary code (CVE Details).

GitHub addressed this vulnerability by releasing version 3.7.1 of GitHub Enterprise Server. Organizations running version 3.7.0 should immediately upgrade to version 3.7.1 or later to mitigate this security risk (GitHub Docs).