CVE-2023-23765
published 2023-08-30


Priority: P3 (37)
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.48% (38.1th percentile)
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program (https://bounty.github.com/).

Affected

5 ranges

Vendor   Product            Version range       Fixed in
github   enterprise_server  (no range given)    -
github   enterprise_server  >= 3.6.0 < 3.6.16   3.6.16
github   enterprise_server  >= 3.7.0 < 3.7.13   3.7.13
github   enterprise_server  >= 3.8.0 < 3.8.6    3.8.6
github   enterprise_server  >= 3.9.0 < 3.9.1    3.9.1