Overview
An update has been released to address vulnerabilities in GitHub Enterprise Server (GHES) products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-6800
- GitHub Enterprise Server versions: All versions before 3.14
Resolved Vulnerabilities
XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) when utilizing SAML authentication with certain identity providers (CVE-2024-6800)
Vulnerability Patches
The following product-specific vulnerability patches have been made available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-6800
- GitHub Enterprise Server version: 3.13.3
- GitHub Enterprise Server version: 3.12.8
- GitHub Enterprise Server version: 3.11.14
- GitHub Enterprise Server version: 3.10.16
References
[1] CVE-2024-6800 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-6800
[2] Enterprise Server 3.10.16
https://docs.github.com/en/[email protected]/admin/release-notes#3.10.16
[3] Enterprise Server 3.11.14
https://docs.github.com/en/[email protected]/admin/release-notes#3.11.14
[4] Enterprise Server 3.12.8
https://docs.github.com/en/[email protected]/admin/release-notes#3.12.8
[5] Enterprise Server 3.13.3
https://docs.github.com/en/[email protected]/admin/release-notes#3.13.3
Article Link: GitHub Enterprise Server (GHES) Product Security Update Advisory (CVE-2024-6800) – ASEC