Admin attacks on GitHub Enterprise Server possible

Under certain conditions, attackers can hijack admin accounts of GitHub Enterprise Server.


(Image: Tatiana Popova/Shutterstock.com)


Admins who run a self-hosted installation of the GitHub platform with GitHub Enterprise Server should install one of the updated versions as soon as possible because of a "critical" security vulnerability.

For attackers to exploit the vulnerability (CVE-2024-6800), SAML authentication must be enabled on the instance and the attacker must have network access to it. Under those conditions, a crafted SAML response can grant access to an administrator account. Instances that authenticate by other means do not meet the precondition for this flaw, but should still be updated because of the further fixes in the same releases.


In the release notes for versions 3.10.16, 3.11.14, 3.12.8 and 3.13.3, the developers state that the vulnerability is closed there. The same releases also address two further vulnerabilities (CVE-2024-7711 and CVE-2024-6337, both rated "medium") that allowed unauthorized access to repository content.
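To turn the version list above into a check that can be run against an inventory of instances, here is an added example; it is not code from heise or from GitHub. The fixed versions are the four named in the article. The `parse_version` and `check_ghes_version` functions, the verdict names and the sample inventory are this example's own assumptions.

```python
"""Classify GitHub Enterprise Server versions against the fixed releases for
CVE-2024-6800 (critical, SAML only) and the two accompanying medium fixes.

Added example; the fixed versions come from the article, everything else
(function names, verdicts, sample data) is assumed for illustration.
"""
from __future__ import annotations

# Release line -> first version on that line that contains the fixes,
# exactly as listed in the article. Release lines missing from this table
# get no verdict, because the article names no fixed version for them.
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int]] = {
    (3, 10): (3, 10, 16),
    (3, 11): (3, 11, 14),
    (3, 12): (3, 12, 8),
    (3, 13): (3, 13, 3),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' (a leading 'v' is tolerated) into ints.

    Comparing tuples avoids the classic mistake of comparing version strings:
    as strings, '3.10.9' > '3.10.16', but as tuples (3, 10, 9) < (3, 10, 16).
    """
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a MAJOR.MINOR.PATCH version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def check_ghes_version(text: str, saml_enabled: bool) -> str:
    """Return one of four verdicts for a running instance.

    'patched'    - at or above the fixed version for its release line.
    'vulnerable' - below the fixed version and SAML is enabled, so the
                   precondition for CVE-2024-6800 is met.
    'unpatched'  - below the fixed version, SAML disabled: the critical flaw
                   is not reachable, but the two medium fixes are still missing.
    'unlisted'   - the article gives no fixed version for this release line,
                   so no verdict can be derived from it.
    """
    version = parse_version(text)
    line = version[:2]
    if line not in FIXED_VERSIONS:
        return "unlisted"
    if version >= FIXED_VERSIONS[line]:
        return "patched"
    return "vulnerable" if saml_enabled else "unpatched"


if __name__ == "__main__":
    # Constructed sample inventory (hostname, version, SAML enabled?).
    inventory = [
        ("ghes-prod.example.internal", "3.12.7", True),
        ("ghes-stage.example.internal", "3.13.3", True),
        ("ghes-lab.example.internal", "3.10.9", False),
        ("ghes-old.example.internal", "3.9.20", True),
    ]
    for host, version, saml in inventory:
        print(f"{host:32} {version:8} saml={saml!s:5} -> "
              f"{check_ghes_version(version, saml)}")
```

The `unlisted` verdict is deliberate: a release line the article does not mention should be escalated and checked against the vendor's own advisory rather than silently counted as safe.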

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.