{"vulnerability": "CVE-2024-4985", "sightings": [{"uuid": "91d0e8e4-4694-4954-ab6a-82e0bf7d4d51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49851", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "0e61250f-af16-4b17-bca2-a067cc46f38d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49858", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "160825bc-75a1-476c-bad7-60f03dbaed0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-49854", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "98c61112-7ec4-483f-b7ec-1f3f82cd627d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-49859", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "0f278736-5863-49fa-bffd-f97a35984bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49859", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "aab75253-55e1-41f2-92df-b30f7443ec12", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-49858", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "e6e06503-1de8-4660-8525-5aa76e247e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-49855", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "3edd1009-fcdc-48d6-be2b-02be206be0a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "Telegram/5PkwwqWpUDuWtHraZyPfheCmfEMAsIHD6X3wci2LMP5Q0ak", "content": "", "creation_timestamp": "2024-05-21T19:50:50.000000Z"}, {"uuid": "6ac49af4-4e1e-4103-abea-9c593bbc564d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/8260", "content": "The Hacker News\nCritical GitHub Enterprise Server Flaw Allows Authentication Bypass\n\nGitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections.\nTracked as&nbsp;CVE-2024-4985&nbsp;(CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.\n\"On instances that use SAML single sign-on (SSO) authentication with the", "creation_timestamp": "2024-05-21T19:52:54.000000Z"}, {"uuid": "a4e48edc-7b73-4f55-bca1-84949a0acf2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49852", "type": "seen", "source": "https://t.me/cvedetector/8497", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49852 - Oracle Linux Use-After-Free in scsi elx libefc\", \n  \"Content\": \"CVE ID : CVE-2024-49852 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nscsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()  \n  \nThe kref_put() function will call nport-&gt;release if the refcount drops to  \nzero.  The nport-&gt;release release function is _efc_nport_free() which frees  \n\"nport\".  But then we dereference \"nport\" on the next line which is a use  \nafter free.  Re-order these lines to avoid the use after free. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:01:10.000000Z"}, {"uuid": "2ccd6b8f-1f1c-4c02-9cd1-85dd60d71f4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49851", "type": "seen", "source": "https://t.me/cvedetector/8493", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49851 - \"Linux Kernel TPM Space Leaking Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-49851 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ntpm: Clean up TPM space after command failure  \n  \ntpm_dev_transmit prepares the TPM space before attempting command  \ntransmission. However if the command fails no rollback of this  \npreparation is done. 
This can result in transient handles being leaked  \nif the device is subsequently closed with no further commands performed.  \n  \nFix this by flushing the space in the event of command transmission  \nfailure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:01:07.000000Z"}, {"uuid": "2b441f48-be6a-4bcf-b7f3-0c9d36ade2bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49859", "type": "seen", "source": "https://t.me/cvedetector/8482", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49859 - Linux Kernel f2fs Race Condition\", \n  \"Content\": \"CVE ID : CVE-2024-49859 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nf2fs: fix to check atomic_file in f2fs ioctl interfaces  \n  \nSome f2fs ioctl interfaces like f2fs_ioc_set_pin_file(),  \nf2fs_move_file_range(), and f2fs_defragment_range() missed to  \ncheck atomic_write status, which may cause potential race issue,  \nfix it. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:49.000000Z"}, {"uuid": "b5fd98d6-fda7-4790-83dc-4e62800ed847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49858", "type": "seen", "source": "https://t.me/cvedetector/8481", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49858 - Linux/Efi Tpm Event Log Corruption Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-49858 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nefistub/tpm: Use ACPI reclaim memory for event log to avoid corruption  \n  \nThe TPM event log table is a Linux specific construct, where the data  \nproduced by the GetEventLog() boot service is cached in memory, and  \npassed on to the OS using an EFI configuration table.  \n  \nThe use of EFI_LOADER_DATA here results in the region being left  \nunreserved in the E820 memory map constructed by the EFI stub, and this  \nis the memory description that is passed on to the incoming kernel by  \nkexec, which is therefore unaware that the region should be reserved.  \n  \nEven though the utility of the TPM2 event log after a kexec is  \nquestionable, any corruption might send the parsing code off into the  \nweeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY  \ninstead, which is always treated as reserved by the E820 conversion  \nlogic. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:48.000000Z"}, {"uuid": "984eccfe-3112-4e9f-9e7f-39a50528f27b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49856", "type": "seen", "source": "https://t.me/cvedetector/8480", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49856 - \"Linux Kernel x86 SGX NUMA Deadlock\"\", \n  \"Content\": \"CVE ID : CVE-2024-49856 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nx86/sgx: Fix deadlock in SGX NUMA node search  \n  \nWhen the current node doesn't have an EPC section configured by firmware  \nand all other EPC sections are used up, CPU can get stuck inside the  \nwhile loop that looks for an available EPC page from remote nodes  \nindefinitely, leading to a soft lockup. Note how nid_of_current will  \nnever be equal to nid in that while loop because nid_of_current is not  \nset in sgx_numa_mask.  \n  \nAlso worth mentioning is that it's perfectly fine for the firmware not  \nto setup an EPC section on a node. While setting up an EPC section on  \neach node can enhance performance, it is not a requirement for  \nfunctionality.  \n  \nRework the loop to start and end on *a* node that has SGX memory. This  \navoids the deadlock looking for the current SGX-lacking node to show up  \nin the loop when it never will. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:48.000000Z"}, {"uuid": "a9f9bf09-7d0f-4bfc-aaad-db4723196786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49853", "type": "seen", "source": "https://t.me/cvedetector/8485", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49853 - Oracle OPTEE arm_scmi Double Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49853 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nfirmware: arm_scmi: Fix double free in OPTEE transport  \n  \nChannels can be shared between protocols, avoid freeing the same channel  \ndescriptors twice when unloading the stack. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:55.000000Z"}, {"uuid": "ba51ae6d-4589-42df-b355-19336d1005e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49854", "type": "seen", "source": "https://t.me/cvedetector/8484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49854 - Linux Kernel BlockBFQ Uninitialized Function Pointer\", \n  \"Content\": \"CVE ID : CVE-2024-49854 \nPublished : Oct. 21, 2024, 1:15 p.m. 
| 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nblock, bfq: fix uaf for accessing waker_bfqq after splitting  \n  \nAfter commit 42c306ed7233 (\"block, bfq: don't break merge chain in  \nbfq_split_bfqq()\"), if the current procress is the last holder of bfqq,  \nthe bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and  \nthen access bfqq-&gt;waker_bfqq may trigger UAF. What's more, the waker_bfqq  \nmay in the merge chain of bfqq, hence just recored waker_bfqq is still  \nnot safe.  \n  \nFix the problem by adding a helper bfq_waker_bfqq() to check if  \nbfqq-&gt;waker_bfqq is in the merge chain, and current procress is the only  \nholder. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:54.000000Z"}, {"uuid": "782e2f63-4bad-4307-a424-e0ff539fc505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49857", "type": "seen", "source": "https://t.me/cvedetector/8479", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49857 - Linux kernel iwlwifi NULL Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2024-49857 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: iwlwifi: mvm: set the cipher for secured NDP ranging  \n  \nThe cipher pointer is not set, but is derefereced trying to set its  \ncontent, which leads to a NULL pointer dereference.  \nFix it by pointing to the cipher parameter before dereferencing. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:47.000000Z"}, {"uuid": "afc2dfd4-7274-4880-bd0b-83b840c29e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-49855", "type": "seen", "source": "https://t.me/cvedetector/8478", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49855 - Linux Kernel NBD Use-After-Free\", \n  \"Content\": \"CVE ID : CVE-2024-49855 \nPublished : Oct. 21, 2024, 1:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnbd: fix race between timeout and normal completion  \n  \nIf request timetout is handled by nbd_requeue_cmd(), normal completion  \nhas to be stopped for avoiding to complete this requeued request, other  \nuse-after-free can be triggered.  \n  \nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime  \nmake sure that cmd-&gt;lock is grabbed for clearing the flag and the  \nrequeue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T16:00:46.000000Z"}, {"uuid": "1b9f8978-9e7c-41d8-a64b-bf2109cf1e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13898", "content": "\ud83e\uddec GitHub Enterprise SAML Authentication Bypass (CVE-2024-4985 / CVE-2024-9487).\n\nhttps://projectdiscovery.io/blog/github-enterprise-saml-authentication-bypass", "creation_timestamp": "2024-11-12T10:49:06.000000Z"}, {"uuid": "9eb90b05-846f-437b-82e8-7ef9fba57f93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/731", "content": "\u200aCVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server\n\nhttps://securityonline.info/cve-2024-4985-cvss-10-critical-authentication-bypass-flaw-found-in-github-enterprise-server/", "creation_timestamp": "2024-05-21T15:30:05.000000Z"}, {"uuid": "17a0649d-d370-4291-a58e-14f71b6fe332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/HackingInsights/826", "content": "\u200aCritical GitHub Enterprise Server Authentication Bypass bug. 
Fix it now!\n\nhttps://securityaffairs.com/163515/hacking/github-enterprise-server-cve-2024-4985.html", "creation_timestamp": "2024-05-23T19:33:09.000000Z"}, {"uuid": "67d33cc4-c836-4516-8e2a-6a58459d943e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/1544", "content": "The Hacker News\nCritical GitHub Enterprise Server Flaw Allows Authentication Bypass\n\nGitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections.\nTracked as&nbsp;CVE-2024-4985&nbsp;(CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.\n\"On instances that use SAML single sign-on (SSO) authentication with the", "creation_timestamp": "2024-05-21T19:52:54.000000Z"}, {"uuid": "82a91901-8d42-4b3d-b704-c2a7d1a4a938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "https://t.me/darkcommunityofficial/892", "content": "https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server\n\nCVE-2024-4985\n#github #poc", "creation_timestamp": "2024-06-01T11:57:06.000000Z"}, {"uuid": "d47230d2-1039-45bb-8486-4a27b2c7d18c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "Telegram/6zjp7CWcS56_MpPVE12auXNgfGE8Jwo4Labv7ZjewT4p-w", "content": "", "creation_timestamp": "2024-05-21T20:23:51.000000Z"}, {"uuid": "dd2a5a5b-b447-4533-8823-224d1b5c1ac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2024-4985", "type": "seen", "source": "https://t.me/MrVGunz/1134", "content": "\u0647\u0634\u062f\u0627\u0631 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 GitHub Enterprise Server.\n\n\u06cc\u06a9 \u0646\u0642\u0635 \u0628\u062d\u0631\u0627\u0646\u06cc (CVE-2024-4985) \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u0628\u0627 \u062c\u0639\u0644 \u067e\u0627\u0633\u062e\u200c\u0647\u0627\u06cc SAML \u0628\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0645\u062f\u06cc\u0631 \u062f\u0633\u062a \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n\n\u062c\u0632\u0626\u06cc\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0645\u0642\u0627\u0644\u0647: https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html\n\n\u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u0622\u06cc\u0627 \u0646\u0645\u0648\u0646\u0647 \u0634\u0645\u0627 \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u0633\u062a \u0648 \u0641\u0648\u0631\u0627\u064b \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f.\n\nAlert for GitHub Enterprise Server users. \n \nA critical flaw (CVE-2024-4985) has been found, allowing attackers to gain admin privileges by forging SAML responses. 
\n \nMore details in the article: https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html \n \nCheck if your instance is affected &amp; update immediately.", "creation_timestamp": "2024-05-22T12:35:57.000000Z"}, {"uuid": "88ad32a7-8928-4e25-8b0c-db77983b34a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/KomunitiSiber/1979", "content": "Critical GitHub Enterprise Server Flaw Allows Authentication Bypass\nhttps://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html\n\nGitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections.\nTracked as\u00a0CVE-2024-4985\u00a0(CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.\n\"On instances that use SAML single sign-on (SSO) authentication with the", "creation_timestamp": "2024-05-21T19:29:47.000000Z"}, {"uuid": "64f8fc4e-f8c7-4429-962c-712bffb50850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2372", "content": "CVE-2024-50340 - Adapted EOS Exploit\n*\nCVE-2024-4985 / CVE-2024-9487 - GitHub Enterprise SAML Authentication Bypass exploit", "creation_timestamp": "2024-11-12T04:59:20.000000Z"}, {"uuid": "d10ce6bf-aa19-4bc0-86a4-82221b77c0e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "Telegram/Xf-OZTZ1qSXbTWHr-O3gplBCRCw1cGfJ6CVi9zCL3nwA1hI", "content": "", "creation_timestamp": "2024-08-22T10:54:43.000000Z"}, {"uuid": 
"3272f125-c283-48ea-aac5-da8491abebc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/true_secator/5769", "content": "GitHub \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Enterprise Server, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\nCVE-2024-4985 \u0438\u043c\u0435\u0435\u0442 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 \u0438\u0437 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 CVSS 10/10 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Enterprise Server \u0434\u043e 3.13.0 \u0441 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 SAML (SSO) \u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 
\u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439.\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0438 \u043e\u0442\u0432\u0435\u0442\u0430 SAML.\n\n\u041e\u0434\u043d\u0430\u043a\u043e, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e GitHub, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e SAML SSO \u0431\u0435\u0437 \u044d\u0442\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0443, \u043a\u0430\u043a Enterprise Server \u0431\u0435\u0437 \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 SAML.\n\nGitHub 
\u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0432 \u0432 \u0441\u0440\u043e\u0447\u043d\u043e\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Enterprise Server 3.9.15, 3.10.12, 3.11.10 \u0438 3.12.4.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u043d\u0435 \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043d\u043e \u0441 \u0443\u0447\u0435\u0442\u043e\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVE-2024-4985, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c GitHub Enterprise Server \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVE-2024-4985 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 \u043d\u0435\u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e 
high risk of network compromise by attackers.", "creation_timestamp": "2024-05-23T12:50:32.000000Z"}, {"uuid": "bff628fc-dd66-4c0a-a243-0db514b126dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/true_secator/6325", "content": "GitHub warns of a fix for a critical vulnerability in Enterprise Server that could lead to unauthorized access to vulnerable instances.\n\nThe bug is tracked as CVE-2024-9487 (CVSS 9.5) and was discovered in May 2024 while preparing fixes for the critical authentication bypass CVE-2024-4985, which allows attackers to forge SAML responses and gain administrative access to Enterprise Server.\n\nAccording to GitHub, the newly closed vulnerability is a variant of the original bug that likewise leads to an authentication bypass.\n\nAn attacker could bypass SAML SSO single sign-on authentication via the optional encrypted assertions feature, which would grant access to the instance through improper verification of cryptographic signatures in GitHub Enterprise Server.\n\nThat said, encrypted assertions are not enabled by default, and Enterprise Server instances that are not configured with SAML SSO, or that implement authentication without encrypted assertions, are not vulnerable.\n\nIn addition, the attacker would need direct network access as well as a signed SAML response or metadata document.\n\nThe issue was fixed in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5 and 3.14.2, alongside another, medium-severity information disclosure flaw, CVE-2024-9539, which could be exploited via malicious SVG files.\n\nTo exploit it successfully, an attacker would need to convince a user to click the URL of an uploaded asset, which would let them obtain the user's metadata and use it to build a phishing page.\n\nGitHub says both vulnerabilities were found through its BugBounty program and makes no mention of either being exploited in the wild.\n\nAdditionally, GitHub Enterprise Server version 3.14.2 fixes a sensitive data disclosure issue in the Management Console's HTML forms by removing the ability to copy storage settings from Actions.", "creation_timestamp": "2024-10-16T11:50:30.000000Z"},
{"uuid": "07872ade-8833-419a-b0ee-978d33667893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/thehackernews/4990", "content": "\u26a1 Alert for GitHub Enterprise Server users.\n\nA critical flaw (CVE-2024-4985) has been found, allowing attackers to gain admin privileges by forging SAML responses.\n\nMore details in the article > https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html\n\nCheck if your instance is affected & update immediately.", "creation_timestamp": "2024-05-21T18:24:28.000000Z"},
{"uuid": "9e4c8c3e-2a8b-41ae-a3c5-be4550f2c3ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/xakep_ru/15856", "content": "A dangerous issue has been fixed in GitHub Enterprise Server\n\nGitHub developers have released patches fixing a critical vulnerability in GitHub Enterprise Server (GHES). The issue was assigned CVE-2024-4985 (the maximum score of 10 on the CVSS scale) and allowed attackers to bypass authentication when SAML SSO (Single Sign-On) is in use.\n\nhttps://xakep.ru/2024/05/22/ghes-saml-bug/", "creation_timestamp": "2024-05-22T20:10:48.000000Z"},
{"uuid": "1a89a611-11fa-4bcf-ac95-5c4b876c5b86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2570", "content": "https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server\n\nCVE-2024-4985\n#github #poc", "creation_timestamp": "2024-06-01T06:24:37.000000Z"},
{"uuid": "e56c7fe6-3b09-42d8-b8b7-01752ecc5730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "seen", "source": "https://t.me/anti_malware/17518", "content": "A critical vulnerability (CVE-2024-4985) was discovered in GitHub Enterprise Server (GHES) that allowed an attacker to gain unauthorized access with administrator rights without prior authentication.", "creation_timestamp": "2024-05-22T11:10:47.000000Z"},
{"uuid": "19db45fc-442d-41b8-b8df-f78f44a52e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4985", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10628", "content": "#exploit\n1. CVE-2024-4985:\nGitHub Enterprise Server auth bypass\nhttps://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server\n\n2. CVE-2024-5326:\nPost Grid Gutenberg Blocks and WordPress Blog Plugin - PostX <=4.1.2 - Missing Authorization to Arbitrary Options Update\nhttps://github.com/truonghuuphuc/CVE-2024-5326-Poc", "creation_timestamp": "2024-06-06T11:52:57.000000Z"}]}