GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

August 22, 2024 at 02:00AM GitHub has addressed three security flaws in its Enterprise Server product, including a critical bug (CVE-2024-6800) that could grant an attacker site administrator privileges. Two medium-severity flaws have also been resolved (CVE-2024-7711, CVE-2024-6337). Users are urged to update to the latest versions (3.13.3, 3.12.8, 3.11.14, and 3.10.16) to mitigate potential … Read more

Critical Authentication Flaw Haunts GitHub Enterprise Server

August 21, 2024 at 12:54PM GitHub has issued a critical fix for security vulnerabilities found in its Enterprise Server product. One flaw, CVE-2024-6800, allows attackers to manipulate SAML SSO authentication to gain site administrator privileges, with a severity score of 9.5/10. The vulnerabilities affect versions prior to 3.14 and were fixed in subsequent releases. Two … Read more

GitHub Enterprise Server vulnerable to critical auth bypass flaw

August 21, 2024 at 10:22AM A critical vulnerability, CVE-2024-6800, in GitHub Enterprise Server allows an attacker to gain admin privileges by exploiting a problem with SAML authentication. Over 36,500 GHES instances are accessible online, mostly in the US. GitHub has released fixed versions and warns of potential errors and issues during the update process. Based … Read more