Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
GitHub Enterprise Server Vulnerability: Critical Flaw Puts Admin Controls at Risk!
GitHub Enterprise Server has a critical vulnerability (CVE-2024-6800) allowing attackers to elevate privileges to admin. If you’re running GHES, don’t wait—update now before your server becomes a hacker’s playground.
Hot Take:
Well, folks, it looks like GitHub Enterprise Server has decided to throw an uninvited admin party, and every hacker with a SAML cheat sheet is on the guest list. Who knew XML could be so… welcoming?
Key Points:
- GitHub Enterprise Server vulnerability CVE-2024-6800 allows privilege escalation to admin.
- Issue is tied to SAML authentication with specific identity providers.
- Patch available for versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
- Over 36,500 instances potentially exposed, majority in the US.
- Two additional vulnerabilities patched: CVE-2024-7711 and CVE-2024-6337.
Already a member? Log in here