7.1

CVE-2023-23764

EPSS 0.15%
Veröffentlicht 27.07.2023 21:15:10
Zuletzt bearbeitet 21.11.2024 07:46:47
Quelle product-cna@github.com
CVE-Watchlists
Login
Unerledigt
Login

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Github ≫ Enterprise Server Version >= 3.7.0 < 3.7.9

Github ≫ Enterprise Server Version >= 3.8.0 < 3.8.2

Github ≫ Enterprise Server Version3.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.356

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
product-cna@github.com	4.8	0.5	4.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9

Release Notes

https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2

Release Notes

https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2023-23764

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23764

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23764

EUVD