GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

August 22, 2024 at 02:00AM

GitHub has addressed three security flaws in its Enterprise Server product, including a critical bug (CVE-2024-6800) that could grant an attacker site administrator privileges. Two medium-severity flaws have also been resolved (CVE-2024-7711, CVE-2024-6337). Users are urged to update to the latest versions (3.13.3, 3.12.8, 3.11.14, and 3.10.16) to mitigate potential threats.

GitHub has released fixes for three security flaws impacting its Enterprise Server product, including one critical bug that could allow an attacker to gain site administrator privileges. The most severe vulnerability is tracked as CVE-2024-6800 and carries a CVSS score of 9.5.

GitHub has also addressed two medium-severity flaws, CVE-2024-7711 and CVE-2024-6337, with CVSS scores of 5.3 and 5.9 respectively.

All three security vulnerabilities have been resolved in GHES versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.

Organizations running a vulnerable self-hosted version of GHES should update to the latest version to safeguard against potential security threats.
