An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-09-22T14:18:49.735Z
Updated: 2024-09-24T14:29:38.315Z
Reserved: 2023-01-17T20:40:37.555Z
Link: CVE-2023-23766
Vulnrichment
Updated: 2024-08-02T10:42:25.887Z
NVD
Status : Modified
Published: 2023-09-22T15:15:10.557
Modified: 2024-11-21T07:46:47.573
Link: CVE-2023-23766
Redhat
No data.