August 28, 2024
Severity
Medium
Analysis Summary
CVE-2024-7711 (CVSS: 5.4)
GitHub Enterprise Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the title, assignees, and labels of any issue inside a public repository.
CVE-2024-6337 (CVSS: 6.3)
GitHub Enterprise Server could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By executing a specially crafted application, an attacker could exploit this vulnerability to read issue content inside a private repository, and use this information to launch further attacks against the affected system.
CVE-2024-6800 (CVSS: 9)
GitHub Enterprise Server could allow a remote attacker to bypass security restrictions, caused by a flaw when using SAML authentication with specific identity providers. By sending a specially crafted request utilizing publicly exposed signed federation metadata XML, an attacker could exploit this vulnerability to forge a SAML response to provision and/or gain access to a user with site administrator privileges.
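The CVE-2024-6800 entry turns on how a service provider validates an inbound SAML response. The following is an added example, not GitHub's code and not part of this advisory, of the structural pre-checks a SAML service provider applies before cryptographic XML-DSig verification: the Assertion must carry a signature, the signing certificate must match one pinned from the IdP's federation metadata rather than being trusted from the response itself, and issuer, audience and validity window must match the SP's configuration. The IdP and SP entity IDs, the certificate bytes and the sample response are constructed placeholders; verification of the signature value over the canonicalised XML is left to an XML-DSig library and is not implemented here.

```python
import base64
import binascii
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-ins (not real certificates or entity IDs). PINNED_IDP_CERT plays the role
# of the signing certificate taken from the IdP's federation metadata at configuration time.
PINNED_IDP_CERT = base64.b64encode(b"constructed-idp-signing-cert").decode()
FOREIGN_CERT = base64.b64encode(b"constructed-unrelated-cert").decode()
EXPECTED_ISSUER = "https://idp.example.test/metadata"   # assumed IdP entityID
EXPECTED_AUDIENCE = "https://ghes.example.test"          # assumed SP entityID
NOW = dt.datetime(2024, 8, 28, 12, 1, tzinfo=dt.timezone.utc)  # fixed clock for the demo


def _cert_bytes(b64):
    """Decode a base64 certificate, ignoring PEM-style line wrapping."""
    return base64.b64decode("".join(b64.split()), validate=True)


def _parse_time(value):
    """SAML timestamps are UTC ISO 8601; accept a trailing 'Z'."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, pinned_certs, expected_issuer, expected_audience, now):
    """Return a list of findings; an empty list means the response passed every pre-check."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return ["expected exactly one Assertion, found %d" % len(assertions)]
    assertion = assertions[0]

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        findings.append("issuer %r is not the configured IdP" % issuer)

    # The certificate embedded in the response is only accepted if it is one we pinned from
    # metadata; a response is never allowed to introduce its own trust anchor.
    signature = assertion.find("ds:Signature", NS)
    if signature is None:
        findings.append("Assertion is not signed")
    else:
        embedded = signature.findtext(
            "ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
        pinned = {_cert_bytes(c) for c in pinned_certs}
        try:
            ok = bool(embedded.strip()) and _cert_bytes(embedded) in pinned
        except (binascii.Error, ValueError):
            ok = False
        if not ok:
            findings.append("signing certificate is not one pinned from IdP metadata")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        findings.append("Assertion has no Conditions")
    else:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            findings.append("Assertion is not yet valid")
        if not not_on_or_after:
            findings.append("Assertion has no NotOnOrAfter")
        elif now >= _parse_time(not_on_or_after):
            findings.append("Assertion has expired")
        audiences = [e.text.strip() for e in
                     conditions.findall("saml:AudienceRestriction/saml:Audience", NS) if e.text]
        if expected_audience not in audiences:
            findings.append("audience restriction does not name this service provider")
    return findings


def sample_response(cert_b64=PINNED_IDP_CERT, signed=True, audience=EXPECTED_AUDIENCE,
                    not_on_or_after="2024-08-28T12:05:00Z"):
    """Constructed SAML Response for the demo (not captured traffic); the ds:Signature
    element is structural only, with a dummy SignatureValue."""
    signature = ("<ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2ln</ds:SignatureValue>"
                 "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>"
                 "</ds:X509Data></ds:KeyInfo></ds:Signature>" % cert_b64) if signed else ""
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>%s</saml:Issuer>%s'
        '<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
        '<saml:Conditions NotBefore="2024-08-28T12:00:00Z" NotOnOrAfter="%s">'
        '<saml:AudienceRestriction><saml:Audience>%s</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions></saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], NS["ds"], EXPECTED_ISSUER, signature, not_on_or_after, audience)


def run_checks(xml_text, now=NOW):
    """Apply the pre-checks with the demo's pinned certificate and configured entity IDs."""
    return check_saml_response(xml_text, [PINNED_IDP_CERT], EXPECTED_ISSUER, EXPECTED_AUDIENCE, now)


if __name__ == "__main__":
    for label, resp in [("valid", sample_response()),
                        ("unsigned", sample_response(signed=False)),
                        ("foreign cert", sample_response(cert_b64=FOREIGN_CERT))]:
        print(label, "->", run_checks(resp) or "accepted")
```

The point of the pinned set is that the service provider decides which certificates may sign assertions when it imports the IdP's metadata; at response time the embedded certificate is only used to select among those, never to extend them. Responses that fail any of these checks are rejected before the signature itself is verified, so they never reach provisioning or session creation.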
Impact
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-7711
- CVE-2024-6337
- CVE-2024-6800
Affected Vendors
- GitHub
Affected Products
- GitHub Enterprise Server 3.11.13
- GitHub Enterprise Server 3.12.7
- GitHub Enterprise Server 3.13.2
- GitHub Enterprise Server 3.10.15
Remediation
Upgrade to the latest version of GitHub Enterprise Server, available from the GitHub website.