CVE-2023-23766

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 22, 2023

Updated: Sep 25, 2023

CWE ID 697

Summary

CVE-2023-23766 is an incorrect comparison vulnerability discovered in GitHub Enterprise Server. It allows for commit smuggling by displaying a deceptive diff in a re-opened Pull Request. An attacker must have write access to the repository to exploit this vulnerability. All versions of GitHub Enterprise Server were impacted, but it was patched in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported to GitHub through their Bug Bounty program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/swv1C-
https://www.cve.org/CVERecord?id=CVE-2023-23766
https://nvd.nist.gov/vuln/detail/CVE-2023-23766

Back to Vulnerability Database

CVE-2023-23766

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations