Security 5653/5549 update (#36270)

2023-04-07 14:21:23 -04:00 · 2023-04-07 14:21:23 -04:00 · 855f3b4b0f
--- a/data/release-notes/enterprise-server/3-4/18.yml
+++ b/data/release-notes/enterprise-server/3-4/18.yml
@ -1,5 +1,10 @@
 date: '2023-03-23'
 sections:
+  security_fixes:
+    - |
+      **HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
+    - |
+      **MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
  bugs:
    - "In the Management Console's monitor dashboard, the `Cached Requests` and `Served Requests` graphs, which are retrieved by the `git fetch catching` command, did not display metrics for the instance."
    - After a site administrator exempted the **@github-actions\[bot]** user from rate limiting by using the `ghe-config app.github.rate-limiting-exempt-users "github-actions[bot]"` command, running `ghe-config-check` caused a `Validation is-valid-characterset failed` warning to appear. 
--- a/data/release-notes/enterprise-server/3-5/15.yml
+++ b/data/release-notes/enterprise-server/3-5/15.yml
@ -1,5 +1,10 @@
 date: '2023-03-23'
 sections:
+  security_fixes:
+    - |
+      **HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
+    - |
+      **MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
  bugs:
    - "In the Management Console's monitor dashboard, the `Cached Requests` and `Served Requests` graphs, which are retrieved by the `git fetch catching` command, did not display metrics for the instance."
    - After a site administrator exempted the **@github-actions\[bot]** user from rate limiting by using the `ghe-config app.github.rate-limiting-exempt-users "github-actions[bot]"` command, running `ghe-config-check` caused a `Validation is-valid-characterset failed` warning to appear. 
--- a/data/release-notes/enterprise-server/3-6/11.yml
+++ b/data/release-notes/enterprise-server/3-6/11.yml
@ -1,5 +1,10 @@
 date: '2023-03-23'
 sections:
+  security_fixes:
+    - |
+      **HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
+    - |
+      **MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
  bugs:
    - "In the Management Console's monitor dashboard, the `Cached Requests` and `Served Requests` graphs, which are retrieved by the `git fetch catching` command, did not display metrics for the instance."
    - After a site administrator exempted the **@github-actions\[bot]** user from rate limiting by using the `ghe-config app.github.rate-limiting-exempt-users "github-actions[bot]"` command, running `ghe-config-check` caused a `Validation is-valid-characterset failed` warning to appear. 
--- a/data/release-notes/enterprise-server/3-7/8.yml
+++ b/data/release-notes/enterprise-server/3-7/8.yml
@ -1,5 +1,10 @@
 date: '2023-03-23'
 sections:
+  security_fixes:
+    - |
+      **HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
+    - |
+      **MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
  bugs:
    - |
      On an instance with GitHub Actions enabled, nested calls to reusable workflows within a reusable workflow job with a matrix correctly evaluate contexts within expressions, like `strategy: ${% raw %}{{ inputs.strategies }}{% endraw %}`.
--- a/data/release-notes/enterprise-server/3-8/1.yml
+++ b/data/release-notes/enterprise-server/3-8/1.yml
@ -1,5 +1,10 @@
 date: '2023-03-23'
 sections:
+  security_fixes:
+    - |
+      **HIGH**: Addressed an improper authentication vulnerability that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23761). [Updated: 2023-04-07]
+    - |
+      **MEDIUM**: Addressed an incorrect comparison vulnerability that allowed commit smuggling by displaying an incorrect diff. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-23762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23762). [Updated: 2023-04-07]
  bugs:
    - On an instance with GitHub Actions enabled, a workflow job for GitHub Actions would not start if a matching runner group was unavailable when the job was initially queued, even if a matching runner group became available after the job entered the queue.
    - On an instance with GitHub Actions enabled, GitHub Actions will now properly execute after restoration of a deleted repository.