GitHub Enterprise Server patches 10-outta-10 critical hole

  • 📰 TheRegister

On the bright side, someone made up to $30,000+ for finding it

GitHub has patched its Enterprise Server software to fix a security flaw that received the maximum CVSS severity score of 10 out of 10.

The vulnerability affects instances of GitHub Enterprise Server and gives full admin access to anyone exploiting it on any version prior to 3.13.0. "On instances that use SAML single sign-on authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges," GitHub said. The bug has been assigned CVE-2024-4985 and received the maximum severity score of 10.

Even $30,000 might be conservative: "The upper bound for critical vulnerabilities is only a guideline, and GitHub may reward higher amounts for exceptional reports," GitHub says. Since this was a maximum-severity security hole, the person who found it might have been paid very generously indeed.

