CSIRT Panam\u00e1 Aviso 2024-oct-21 Vulnerabilidad Critica en GitHub Enterprise Server
Gravedad: Alta
Fecha de publicaci\u00f3n: octubre 21, 2024
\u00daltima revisi\u00f3n: octubre 21, 2024
Fuente: https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-9487
Afectados:
GitHub Enterprise Server (GHES), versiones anteriores a 3.15.<\/p>\n\n\n\n
I. Descripci\u00f3n
GitHub Enterprise Server contiene una vulnerabilidad cr\u00edtica que cuya explotaci\u00f3n podr\u00eda permitir a un atacante acceder sin autorizaci\u00f3n a datos de usuarios.<\/p>\n\n\n\n
II. Detalle
Para explotar esta vulnerabilidad (CVE-2024-9487), se requiere que la funci\u00f3n de aserciones cifradas est\u00e9 activada, y el atacante necesitar\u00eda acceso directo a la red, as\u00ed como una respuesta SAML firmada o un documento de metadatos.<\/p>\n\n\n\n
III. Referencia a soluciones, herramientas e informaci\u00f3n
Actualizar GHES a las versiones:<\/p>\n\n\n\n
3.11.16;
3.12.10;
3.13.5;
3.14.2.<\/p>\n\n\n\n
IV. Informaci\u00f3n de contacto
CSIRT PANAMA
Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental
E-Mail: info@cert.pa
Phone: +507 520-CERT (2378)
Web: https:\/\/cert.pa
Twitter: @CSIRTPanama
Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"
CSIRT Panam\u00e1 Aviso 2024-oct-21 Vulnerabilidad Critica en GitHub Enterprise ServerGravedad: AltaFecha de publicaci\u00f3n: octubre 21, 2024\u00daltima revisi\u00f3n: octubre 21, 2024Fuente: https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-9487Afectados:GitHub Enterprise Server (GHES), versiones anteriores a 3.15. I. Descripci\u00f3nGitHub Enterprise Server contiene una vulnerabilidad…<\/p>\n","protected":false},"author":5,"featured_media":3966,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[72,175,68],"class_list":["post-3965","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos-de-seguridad","tag-github-enterprice-server","tag-vulnerabilidades"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3965"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3965\/revisions"}],"predecessor-version":[{"id":3967,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3965\/revisions\/3967"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/3966"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}