Security News > 2024 > August > GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
2024-08-22 04:48
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. "On GitHub Enterprise Server instances that use SAML single sign-on (SSO)
News URL
https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html
Related news
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation (source)
- Major security audit of critical FreeBSD components now available (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Critical security hole in Apache Struts under exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |