CVE-2023-23765
Published 2023-08-30
Priority P3 37, medium, 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.48% (38.1th percentile)
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program (https://bounty.github.com/).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github | enterprise_server | — | — |
| github | enterprise_server | >= 3.6.0 < 3.6.16 | 3.6.16 |
| github | enterprise_server | >= 3.7.0 < 3.7.13 | 3.7.13 |
| github | enterprise_server | >= 3.8.0 < 3.8.6 | 3.8.6 |
| github | enterprise_server | >= 3.9.0 < 3.9.1 | 3.9.1 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1