GitHub Enterprise Server (GHES) Product Security Update Advisory (CVE-2024-6800)

Overview

An update has been released to address a vulnerability in GitHub Enterprise Server (GHES). Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-6800

  • GitHub Enterprise Server versions: All versions before 3.14

Resolved Vulnerabilities

XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) when utilizing SAML authentication with certain identity providers (CVE-2024-6800)
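
As an added illustration (not part of this advisory, and not GitHub's code), the following Python shows the structural checks a SAML service provider performs so that a valid signature on one Assertion cannot be used to vouch for a different, unsigned Assertion, which is the mismatch that signature wrapping relies on. The SAML responses are constructed samples, the signature value is a placeholder, and cryptographic verification of the signature is assumed to be done separately by an XML-DSig library; the function names `signed_assertion`, `subject_of` and `accepts` are this example's own.

```python
# Added example, not GitHub's code: consumer-side checks against XML signature
# wrapping in SAML. Verifying ds:SignatureValue cryptographically is assumed to
# happen in a real XML-DSig library and is not implemented here.
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
ASSERTION = f"{{{SAML}}}Assertion"
NAMEID = f"{{{SAML}}}Subject/{{{SAML}}}NameID"
SIGNATURE = f"{{{DS}}}Signature"
REFERENCE = f"{{{DS}}}SignedInfo/{{{DS}}}Reference"


def signed_assertion(response_xml: str) -> ET.Element:
    """Return the one Assertion whose enveloped signature references itself.

    Raises ValueError for any layout in which the element the consumer would
    use is not the element the signature covers.
    """
    root = ET.fromstring(response_xml)
    # Search the whole tree, not only direct children: a wrapped assertion
    # may be placed anywhere the consumer does not normally look.
    assertions = list(root.iter(ASSERTION))
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise ValueError("Assertion has no ID attribute")
    # The ID named by the signature's Reference must be unique in the document,
    # otherwise "#ID" could resolve to an element other than the one used.
    same_id = [el for el in root.iter() if el.get("ID") == assertion_id]
    if len(same_id) != 1:
        raise ValueError(f"ID {assertion_id!r} is not unique in the response")
    # Policy for this consumer: the Assertion itself must carry the signature.
    signature = assertion.find(SIGNATURE)
    if signature is None:
        raise ValueError("Assertion carries no enveloped Signature")
    references = signature.findall(REFERENCE)
    if len(references) != 1:
        raise ValueError(f"expected exactly one Reference, found {len(references)}")
    if references[0].get("URI") != f"#{assertion_id}":
        raise ValueError("Signature Reference does not point at the consumed Assertion")
    return assertion


def subject_of(response_xml: str) -> str:
    """Return the NameID of the signed Assertion only."""
    name_id = signed_assertion(response_xml).find(NAMEID)
    if name_id is None or not name_id.text:
        raise ValueError("signed Assertion has no NameID")
    return name_id.text


def accepts(response_xml: str) -> bool:
    """True when the response passes the structural checks above."""
    try:
        subject_of(response_xml)
        return True
    except ValueError:
        return False


# Constructed sample: one Assertion, signed, Reference points at itself.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: a second, unsigned Assertion has been added; the
# signature on _a1 is still valid, but the consumer must not use _a2.
WRAPPED_RESPONSE = GOOD_RESPONSE.replace(
    "<saml:Assertion ID=\"_a1\">",
    "<saml:Assertion ID=\"_a2\"><saml:Subject><saml:NameID>admin</saml:NameID>"
    "</saml:Subject></saml:Assertion><saml:Assertion ID=\"_a1\">",
)

# Constructed sample: the Reference names the Response, not the Assertion.
MISMATCHED_RESPONSE = GOOD_RESPONSE.replace('URI="#_a1"', 'URI="#_r1"')

if __name__ == "__main__":
    print("good:", accepts(GOOD_RESPONSE), subject_of(GOOD_RESPONSE))
    print("wrapped:", accepts(WRAPPED_RESPONSE))
    print("mismatched:", accepts(MISMATCHED_RESPONSE))
```

The point of the example is that the identity of the element the signature covers, not merely the validity of the signature, decides which Assertion may be trusted; a consumer that verifies the signature and then reads the first Assertion it finds is exactly what a wrapped response exploits.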

 

Vulnerability Patches

The following product-specific patched versions have been made available in the latest update. Please follow the instructions on the referenced sites to update to a patched version.

CVE-2024-6800

  • GitHub Enterprise Server version: 3.13.3
  • GitHub Enterprise Server version: 3.12.8
  • GitHub Enterprise Server version: 3.11.14
  • GitHub Enterprise Server version: 3.10.16

References

[1] CVE-2024-6800 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-6800

[2] Enterprise Server 3.10.16

https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16

[3] Enterprise Server 3.11.14

https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14

[4] Enterprise Server 3.12.8

https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8

[5] Enterprise Server 3.13.3

https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3

Article Link: GitHub Enterprise Server (GHES) Product Security Update Advisory (CVE-2024-6800) – ASEC