Resolution of Two Moderately Rated Vulnerabilities
The latest security patch addresses a number of vulnerabilities, including CVE-2024-7711, which has been classified with a “medium” severity and assigned a CVSS score of 5.3. This specific vulnerability pertains to incorrect authorization, allowing unauthorized users to modify the title, assignees, and labels associated with any issue within a public repository, as stated by GitHub representatives.
Additionally, another vulnerability, CVE-2024-6337, was also rectified. This vulnerability similarly involves incorrect authorization, permitting potential attackers to access issue contents from a private repository. This could occur through a GitHub App that is granted specific permissions for content reading and pull request writing.
GitHub clarified that the exploitation of CVE-2024-6337 was limited to cases involving user access tokens, indicating that installation access tokens were unaffected by this vulnerability. It received a CVSS rating of 5.9. This incident marks a recurring concern for GitHub, as just three months ago, it faced a severe SAML authentication request forgery vulnerability. Back in May, a critical flaw was identified that scored a perfect 10 on the CVSS scale, exposing GitHub Enterprise Server customers to risks of unauthorized admin access to their business accounts.
Source: www.csoonline.com