Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are advised to update quickly.

About CVE-2024-6800

GitHub Enterprise Server is a software development platform that organizations often self-host on-premises, usually to comply with specific regulations that require more control/security over their code repositories. It comes …

The post Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/22/cve-2024-6800/
Related news
- WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
- Critical flaws fixed in Nagios Log Server
- MITRE warns that funding for critical CVE program expires today
- CISA extends funding to ensure 'no lapse in critical CVE services'
- ASUS warns of critical auth bypass flaw in routers using AiCloud
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in GitHub Enterprise Server. An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |