CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23766 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23766
22 Sep 2023 — An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. Se identificó una vulnerabilidad de comparación incorrecta en GitHub En... • https://docs.github.com/enterprise-server@3.10/admin/release-notes#3.10.1 • CWE-697: Incorrect Comparison •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23763 – Information disclosure in GitHub Enterprise Server leading to private repository leakage
https://notcve.org/view.php?id=CVE-2023-23763
01 Sep 2023 — An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program. Se ha identificado una vulnerabilidad de autorización/divulgación de información ... • https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23765 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23765
30 Aug 2023 — An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ . Se identificó una vulnerabilidad de comparación incorrecta en GitHub Enterprise Server que permitía el contrabando de commits mostrando un diff incorrecto en u... • https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16 • CWE-697: Incorrect Comparison •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23764 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23764
27 Jul 2023 — An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9 • CWE-697: Incorrect Comparison •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37463 – Quadratic complexity bugs may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-37463
13 Jul 2023 — cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. • https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-36867 – Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36867
11 Jul 2023 — Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36867 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23762 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23762
07 Apr 2023 — An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty pro... • https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18 • CWE-697: Incorrect Comparison •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23761 – Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists
https://notcve.org/view.php?id=CVE-2023-23761
07 Apr 2023 — An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24824 – Quadratic complexity may lead to a denial of service in cmark-gfm
https://notcve.org/view.php?id=CVE-2023-24824
31 Mar 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. • https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26485 – Quadratic complexity may lead to a denial of service in cmark-gfm
https://notcve.org/view.php?id=CVE-2023-26485
31 Mar 2023 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. • https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •