An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
History

Wed, 16 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-07-27T20:45:19.973Z

Updated: 2024-10-16T20:11:49.691Z

Reserved: 2023-01-17T20:40:37.554Z

Link: CVE-2023-23764

cve-icon Vulnrichment

Updated: 2024-08-02T10:42:25.871Z

cve-icon NVD

Status : Modified

Published: 2023-07-27T21:15:10.347

Modified: 2024-11-21T07:46:47.310

Link: CVE-2023-23764

cve-icon Redhat

No data.