CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23765 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23765
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ . Se identificó una vulnerabilidad de comparación incorrecta en GitHub Enterprise Server que permitía el contrabando de commits mostrando un diff incorrecto en un Pull Request reabierto. Para explotar esta vulnerabilidad, un atacante necesitaría acceso de escritura al repositorio. • https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.16 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.13 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1 • CWE-697: Incorrect Comparison •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23764 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23764
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.9 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.2 https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.1 • CWE-697: Incorrect Comparison •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2023-32265 – Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.
https://notcve.org/view.php?id=CVE-2023-32265
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information. • https://portal.microfocus.com/s/article/KM000019323?language=en_US •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23762 – Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling
https://notcve.org/view.php?id=CVE-2023-23762
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18 https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15 https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1 • CWE-697: Incorrect Comparison •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23761 – Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists
https://notcve.org/view.php?id=CVE-2023-23761
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist's URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.18 https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.15 https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.11 https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.8 https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.1 • CWE-287: Improper Authentication •