

Rewterz Threat Alert – AZORult Stealer Malware Resurfaces and Evades Detection While Using Email Phishing – Active IOCs
January 18, 2024
Rewterz Threat Alert – Multiple Oracle Products Vulnerabilities
January 18, 2024
Severity
High
Analysis Summary
CVE-2024-0200 CVSS:7.9
GitHub Enterprise Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-0507 CVSS:6.5
GitHub Enterprise Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by command injection in the Management Console. An authenticated attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
- Code Execution
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-0200
- CVE-2024-0507
Affected Vendors
GitHub
Affected Products
- GitHub Enterprise Server 3.9.6
- GitHub Enterprise Server 3.10.3
- GitHub Enterprise Server 3.11.0
- GitHub Enterprise Server 3.8.11
- GitHub Enterprise Server 3.8.12
- GitHub Enterprise Server 3.9.7
- GitHub Enterprise Server 3.10.4
- GitHub Enterprise Server 3.11.2
Remediation
Refer to the GitHub website for patch, upgrade, or suggested workaround information.