37 matches found
PT-2023-19190 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server (affected versions not specified). Description: An incorrect comparison issue was identified that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this, an attacker needs...
CVE-2023-23764
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...
Spoofing
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...
CVE-2023-23764 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...
CVE-2023-23764
CVE-2023-23764 affects GitHub Enterprise Server (versions 3.7.0 and later) with an incorrect comparison in the PR UI that could enable commit smuggling by displaying an incorrect diff. Exploitation requires write access to the target repository. Affected versions were fixed in 3.7.9, 3.8.2, and 3...
PT-2023-19189 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.7.0 through 3.7.8; GitHub Enterprise Server versions 3.8.0 through 3.8.1; GitHub Enterprise Server version 3.9.0. Description: An incorrect comparison issue was identified that allowed commit smuggling,...
GitHub: Git Reference Ambiguity in GitHub - Commit Smuggling, Account Takeover, and Remote Code Execution
A vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling due to an incorrect diff comparison in re-opened pull requests. This affected all versions of GitHub Enterprise Server and was fixed in newer releases...
GitHub: Smuggling content in PR with refs/replace in GitHub
An incorrect comparison vulnerability was found in GitHub Enterprise Server, allowing commit smuggling through the display of an incorrect diff in the GitHub pull request UI. This vulnerability required write access to the repository and affected versions 3.7.0 and above. It was fixed in versions...
CVE-2023-23762
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...
Code injection
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...
CVE-2023-23762 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...
CVE-2023-23762
CVE-2023-23762 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enables commit smuggling by displaying an incorrect diff. An attacker would need write access to a repository and must correctly guess the target branch before it’s created by the maintainer. The issue...
PT-2023-19187 · GitHub · GitHub Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.9. Description: An incorrect comparison issue was identified in GitHub Enterprise Server, allowing commit smuggling by displaying an incorrect diff. An attacker would need write access to the...
GitHub: Rogue collaborators and ambiguous branch names in GitHub
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling. This affected all versions prior to 3.9 and was fixed in later versions...