Security News > 2024 > August > Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
2024-08-22 12:19
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are advised to update quickly. About CVE-2024-6800 GitHub Enterprise Server is a software development platform that organizations often self-host on-premises, usually to comply with specific regulations that require more control/security over their code repositories. It comes … More → The post Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/22/cve-2024-6800/
Related news
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |