Lucene search
PRIOn knowledge basePRION:CVE-2023-23764HistoryJul 27, 2023 - 9:15 p.m.
Spoofing
2023-07-2721:15:00
PRIOn knowledge base
www.prio-n.com
1
github enterprise server
incorrect comparison vulnerability
commit smuggling
pull request ui
write access
github bug bounty program
nvd.
0.001 Low
EPSS
Percentile
24.0%
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
| CPE | Name | Operator | Version |
|---|---|---|---|
| enterprise_server | eq | 3.9.0 | |
| enterprise_server | ge | 3.8.0 | |
| enterprise_server | lt | 3.8.2 | |
| enterprise_server | ge | 3.7.0 | |
| enterprise_server | lt | 3.7.9 |
Related
hackerone
hackerone
GitHub: Smuggling content in PR with refs/replace in GitHub
2023-04-07 10:44:55
cve
cve
CVE-2023-23764
2023-07-27 21:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-23764
2023-07-27 21:15:10