Security News > 2024 > August > GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
2024-08-22 04:48
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. "On GitHub Enterprise Server instances that use SAML single sign-on (SSO)
News URL
https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html
Related news
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts (source)
- GitHub project maintainers targeted with fake security alert (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical GitHub Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |