CVE-2023-23765

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .

Published: Aug 31, 2023
Updated: Sep 6, 2023
CVE: CVE-2023-23765
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-697

Affected Software
References

Software	From	Fixed in
github / enterprise_server	3.9.0	3.9.0.x
github / enterprise_server	3.8.0	3.8.6
github / enterprise_server	3.7.0	3.7.13
github / enterprise_server	3.6.0	3.6.16

https://docs.github.com/en/[email protected]/admin/release-notes#3.6.16
https://docs.github.com/en/[email protected]/admin/release-notes#3.7.13
https://docs.github.com/en/[email protected]/admin/release-notes#3.8.9
https://docs.github.com/en/[email protected]/admin/release-notes#3.9.1

Vulnerability Database

289,697

CVE-2023-23765