
GitHub Issues Another Critical Vuln for its Enterprise Server

October 2024 by Sylvain Cortes, VP Strategy at Hackuity

GitHub has issued a patch for another critical vulnerability in GitHub Enterprise Server, which allows attackers to bypass authentication mechanisms if left unaddressed.

Sylvain Cortes, VP Strategy, Hackuity explains:

“GitHub’s security flaw, CVE-2024-9487, is critical. With a severity rating of 9.5 out of 10, this vulnerability could allow an attacker to gain full admin access to the GitHub Enterprise Server without authentication, through improper verification of cryptographic signatures.
Many organisations still find patching to be a challenge, but this recent vulnerability is a great reminder of the need for security teams to stay vigilant about the most critical issues within their network.
It’s reported that the number of affected users is limited; however, users of the Enterprise Server software should push patching of this vulnerability to the top of their to-do lists.
The good news is, the vulnerability is only exploitable where SAML SSO is used with encrypted assertions enabled, and this feature is not activated automatically. Furthermore, the vulnerability is only present in versions released before version 3.15 of the code, or a prior version without the latest update installed.”

