An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.
History

Tue, 24 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published: 2023-09-22T14:18:49.735Z

Updated: 2024-09-24T14:29:38.315Z

Reserved: 2023-01-17T20:40:37.555Z

Link: CVE-2023-23766

cve-icon Vulnrichment

Updated: 2024-08-02T10:42:25.887Z

cve-icon NVD

Status : Modified

Published: 2023-09-22T15:15:10.557

Modified: 2024-11-21T07:46:47.573

Link: CVE-2023-23766

cve-icon Redhat

No data.