VDB
CVE-2024-6800
CVE-2024-6800
PUBLISHED
Es besteht eine Schwachstelle in Microsoft GitHub Enterprise. Diese Fehler besteht aufgrund eines XML-Signatur-Wrapping-Problems in den SAML-Authentifizierungsmechanismen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Site-Administrator-Rechte zu erlangen.
EPSS 3.01% · 86.9th percentile
Risk Scores
EPSS Score
3.01%
86.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft GitHub Enterprise <3.10.16 | |
| Microsoft | Microsoft GitHub Enterprise <3.11.14 | |
| Microsoft | Microsoft GitHub Enterprise <3.13.3 | |
| Microsoft | Microsoft GitHub Enterprise <3.12.8 |
Timeline
- CVE Published
- Aug 20, 2024 PoC Published
- Aug 21, 2024 EPSS Score
- Aug 21, 2024 PoC Published
- Aug 22, 2024 PoC Published
- Aug 22, 2024 PoC Published
- Aug 22, 2024 PoC Published
- Aug 22, 2024 PoC Published
- Aug 23, 2024 PoC Published
- Aug 26, 2024 PoC Published
- Aug 26, 2024 PoC Published
- Sep 10, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1890.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1890 advisory
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16 advisory
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14 advisory
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8 advisory
- https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3 advisory