Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code
A critical bug in GitHub Enterprise Server could allow an attacker to gain unauthorized access to a user account with administrator privileges and then wreak havoc on an organization's code repositories.
The good news is that there's a fix. The Microsoft-owned code hosting service addressed the 9.5 CVSS-rated flaw tracked as

Orgs running a vulnerable instance of GitHub Enterprise Server, GitHub's self-hosted version, will likely do well to download the update ASAP as miscreants are likely already scanning for this CVE. Affected versions of GHES include 3.13.0 to 3.13.2, 3.10.0 to 3.10.15, 3.11.0 to 3.11.13 and 3.12.0 to 3.12.7.

As GitHub explained in the release notes we've linked to above, the critical flaw affected GHES instances that use Security Assertion Markup Language for single sign-on authentication. The SAML authentication allows specific identity providers that use publicly exposed and signed federation metadata XML. This could allow an attacker to forge a SAML response to gain administrator privileges on a compromised machine, thus giving an unauthorized party access to your organization's GitHub-hosted repos.

could allow an attacker to update the title, assignees and labels of any issue inside a public repository — public being the key word here. Private and internal repositories are not affected by this bug, which earned a 5.3 CVSS rating.

is a 5.9-rated vulnerability that could allow an attacker to disclose the issue contents from a private repository using a GitHub App with only 'content: read' and 'pull_request_write: write' permissions.

after rolling out an "erroneous" configuration change to all GitHub.com databases. This caused a global outage to several of its services, along with GitHub.com and the GitHub API.
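The article lists the affected GHES version ranges but leaves the version check to the reader. The following is an added example, not code from GitHub or from the article, that parses a GHES version string and reports which of the listed ranges (if any) it falls into, so an admin can triage a fleet of instances quickly. It assumes the `installed_version` field of the GHES `/api/v3/meta` response as the place a version string would come from; the sample payload is constructed for the example.

```python
"""Triage helper: does a GHES version fall inside one of the affected
ranges named in the article? Added example, not GitHub's own code."""
import json
import re
from typing import Optional, Tuple

# Affected ranges exactly as the article lists them (both ends inclusive).
AFFECTED_RANGES = [
    ("3.10.0", "3.10.15"),
    ("3.11.0", "3.11.13"),
    ("3.12.0", "3.12.7"),
    ("3.13.0", "3.13.2"),
]

# Accepts "3.12.4" or "v3.12.4"; trailing build suffixes are ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a GHES version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def affected_range(version: str) -> Optional[Tuple[str, str]]:
    """Return the (low, high) range the version falls into, or None if it is
    outside every listed range. Numeric comparison avoids the string-order
    trap where "3.10.9" would sort after "3.10.15"."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return (low, high)
    return None


def is_affected(version: str) -> bool:
    """True when the version is inside one of the article's affected ranges."""
    return affected_range(version) is not None


def version_from_meta(meta_json: str) -> str:
    """Extract the installed version from a GHES /api/v3/meta response body.
    Assumption for this example: the field is named "installed_version"."""
    return json.loads(meta_json)["installed_version"]


# Constructed sample response body, not captured from a real instance.
SAMPLE_META = '{"installed_version": "3.12.4"}'

if __name__ == "__main__":
    for candidate in ["3.10.9", "3.10.15", "3.10.16", "3.12.8", "v3.13.2", version_from_meta(SAMPLE_META)]:
        hit = affected_range(candidate)
        status = f"in affected range {hit[0]}-{hit[1]}" if hit else "outside the listed ranges"
        print(f"{candidate}: {status}")
```

A version that falls outside every listed range is only that: outside the ranges the article names. The article does not state the patched release numbers, so confirm against GitHub's release notes rather than treating "outside the list" as "fixed".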