Design/Logic Flaw

2023-08-3023:15:00

PRIOn knowledge base

www.prio-n.com

incorrect comparison

github enterprise server

vulnerability

commit smuggling

write access

bug bounty program

nvd

0.001 Low

EPSS

Percentile

26.0%

JSON

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .

CPENameOperatorVersion
enterprise_servereq3.9.0
enterprise_serverge3.8.0
enterprise_serverlt3.8.6
enterprise_serverge3.7.0
enterprise_serverlt3.7.13
enterprise_serverge3.6.0
enterprise_serverlt3.6.16

Name	Operator	Version
enterprise_server	eq	3.9.0
enterprise_server	ge	3.8.0
enterprise_server	lt	3.8.6
enterprise_server	ge	3.7.0
enterprise_server	lt	3.7.13
enterprise_server	ge	3.6.0
enterprise_server	lt	3.6.16

References

docs.github.com/en/[email protected]/admin/release-notes

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for PRION:CVE-2023-23765