Security News > 2024 > August > GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
2024-08-22 04:48
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. "On GitHub Enterprise Server instances that use SAML single sign-on (SSO)
News URL
https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html
Related news
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- GitHub expands security tools after 39 million secrets leaked in 2024 (source)
- Critical flaws fixed in Nagios Log Server (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |