{"uuid": "28bb0187-c5ed-4c78-9672-4254dcaca27f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6800", "type": "seen", "source": "https://t.me/cibsecurity/79242", "content": "\ud83e\udd85 The SAML Exploit That Could Take Down GitHub: What You Need to Know About CVE-2024-6800 \ud83e\udd85\n\n  Key Takeaways\u00a0    CVE-2024-6800 is a severe security flaw discovered in GitHub Enterprise Server (GHES), which could allow unauthorized access and control over sensitive systems by exploiting XML signature wrapping and forged SAML responses.\u00a0     The vulnerability impacts all GHES versions prior to 3.14, excluding versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16, indicating that many installations could be at risk.\u00a0     Exploiting this vulnerability can grant attackers unauthorized access to GHES instances, enabling them to view, modify, or delete critical source code and sensitive data and potentially compromising entire supply chains.\u00a0     GHES instances are often accessible over the internet, which broadens the attack surface and increases the likelihood of exploitation, emphasizing the n...\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"CYBLE\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2024-08-26T17:20:16.000000Z"}