Vulnerability Description
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Github | Enterprise Server | >= 3.7.0, < 3.7.9 |
Related Weaknesses (CWE)
References
- https://docs.github.com/en/[email protected]/admin/release-notes#3.7.9Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.2Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.1Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.7.9Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.8.2Release Notes
- https://docs.github.com/en/[email protected]/admin/release-notes#3.9.1Release Notes
FAQ
What is CVE-2023-23764?
CVE-2023-23764 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker ...
How severe is CVE-2023-23764?
CVE-2023-23764 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23764?
Check the references section above for vendor advisories and patch information. Affected products include: Github Enterprise Server.