Security News > 2024 > August > Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
2024-08-22 12:19

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are advised to update quickly. About CVE-2024-6800 GitHub Enterprise Server is a software development platform that organizations often self-host on-premises, usually to comply with specific regulations that require more control/security over their code repositories. It comes … More → The post Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/08/22/cve-2024-6800/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-6800 Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML.
network
low complexity
github CWE-347
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90