An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-07-27T20:45:19.973Z
Updated: 2024-10-16T20:11:49.691Z
Reserved: 2023-01-17T20:40:37.554Z
Link: CVE-2023-23764
Vulnrichment
Updated: 2024-08-02T10:42:25.871Z
NVD
Status : Modified
Published: 2023-07-27T21:15:10.347
Modified: 2024-11-21T07:46:47.310
Link: CVE-2023-23764
Redhat
No data.