An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
References
Link | Resource |
---|---|
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9 | Release Notes |
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2 | Release Notes |
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1 | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_P
Published: 2023-07-27T20:45:19.973Z
Updated: 2023-07-27T20:45:19.973Z
Reserved: 2023-01-17T20:40:37.554Z
Link: CVE-2023-23764
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-27T21:15:10.347
Modified: 2023-08-03T15:39:17.430
Link: CVE-2023-23764
JSON object: View
Redhat Information
No data.
CWE