{"vulnerability": "cve-2023-2376", "sightings": [{"uuid": "aa90f042-96ca-43cf-bc98-f60a4edc3edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23765", "type": "seen", "source": "https://t.me/cibsecurity/69495", "content": "\u203c CVE-2023-23765 \u203c\n\nAn incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, an attacker would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T02:26:01.000000Z"}, {"uuid": "dc8d5aab-a287-4c1d-9282-190b3780f272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23763", "type": "seen", "source": "https://t.me/cibsecurity/69652", "content": "\u203c CVE-2023-23763 \u203c\n\nAn authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T18:13:54.000000Z"}, {"uuid": "048ecc06-26be-4851-828d-269ccdd61436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2376", "type": "seen", "source": "https://t.me/cibsecurity/63079", "content": "\u203c CVE-2023-2376 \u203c\n\nA vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T20:27:27.000000Z"}, {"uuid": "62a3885c-2030-4553-943a-dadb8a1c6cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23760", "type": "seen", "source": "https://t.me/cibsecurity/59690", "content": "\u203c CVE-2023-23760 \u203c\n\nA path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-08T22:24:03.000000Z"}, {"uuid": "fbe0728e-39bf-45bb-aea0-3525291e4fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23766", "type": "seen", "source": "https://t.me/cibsecurity/70946", "content": "\u203c CVE-2023-23766 \u203c\n\nAn incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-22T18:31:49.000000Z"}, {"uuid": "41119431-2bfb-4eb5-a7ad-6d7e86b56ec1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23762", "type": "seen", "source": "https://t.me/cibsecurity/61699", "content": "\u203c CVE-2023-23762 \u203c\n\nAn incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it\u00e2\u20ac\u2122s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-07T22:28:09.000000Z"}, {"uuid": "54fb26c0-d0f2-4baf-a722-cf78aca13b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23761", "type": "seen", "source": "https://t.me/cibsecurity/61695", "content": "\u203c CVE-2023-23761 \u203c\n\nAn improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist\u00e2\u20ac\u2122s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-07T22:28:04.000000Z"}]}