CVE-2023-23764 Vulnerability Details

  /     /     /  

CVE-2023-23764 Metadata Quick Info

CVE Published: 27/07/2023 | CVE Updated: 16/10/2024 | CVE Year: 2023
Source: GitHub_P | Vendor: GitHub | Product: Enterprise Server
Status : PUBLISHED

---

CVE-2023-23764 Description

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.

Metrics

CVSS Version: 3.1 | Base Score: 4.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-697
CWE Name: CWE-697
Source: GitHub

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: CWE-697


Source: NVD (National Vulnerability Database).