GitHub fixes critical Enterprise Server bug granting admin privileges
- by nlqip
Fixed two moderately rated bugs
One of the other vulnerabilities fixed with the patch is CVE-2024-7711, which received a “medium” severity rating with a CVSS score of 5.3. It is an incorrect authorization vulnerability that allows an attacker to update the title, assignees, and labels of any issue in a public repository, according to GitHub.
CVE-2024-6337, the third vulnerability addressed in the releases, is another incorrect authorization vulnerability. It can allow an attacker to disclose the contents of issues in a private repository using a GitHub App that holds only the “contents: read” and “pull requests: write” permissions.
“This (CVE-2024-6337) was only exploitable via user access token, and installation access tokens were not impacted,” GitHub added. The vulnerability received a CVSS score of 5.9. This is the second time in three months that GitHub has been hit with a critical SAML authentication request forgery bug. In May, GitHub Enterprise Server was affected by a critical vulnerability scoring 10 out of 10 on CVSS that exposed GitHub Enterprise customers to attackers gaining admin privileges on business accounts.