GitHub updated its GPG keys because of a vulnerability that leaks environment variables

GitHub has disclosed a vulnerability that allows access to the contents of environment variables exposed in containers used in its production infrastructure. The vulnerability was discovered by a Bug Bounty participant seeking a reward for finding security problems. The issue affects both the GitHub.com service and GitHub Enterprise Server (GHES) installations running on users' own systems.

Analysis of logs and an audit of the infrastructure showed no traces of past exploitation of the vulnerability, other than the activity of the researcher who reported the problem. Nevertheless, GitHub began replacing all encryption keys and credentials in the infrastructure that could have been compromised if an attacker had exploited the vulnerability. The replacement of internal keys disrupted some services from December 27 to 29. GitHub administrators tried to take the mistakes made then into account during yesterday's update of the keys that affect customers.

Among other things, the GPG key used to digitally sign commits created through the GitHub web editor, when accepting pull requests on the site, or through the Codespace toolkit has been updated. The old key ceased to be valid on January 16 at 23:23 Moscow time, and the new key has been in use since yesterday. Starting January XNUMX, all new commits signed with the previous key will not be marked as verified on GitHub.

On January 16, the public keys used to encrypt user data sent through the API to GitHub Actions, GitHub Codespaces, and Dependabot were also updated. Users who rely on GitHub-owned public keys to verify commits locally and to encrypt data in transit should make sure they have updated their GitHub GPG keys so that their systems keep working after the key change.
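A local check of the kind the two paragraphs above call for, as an added example that is not from the original article or from GitHub: it parses `git log --format='%H|%G?|%GK|%cI'` output and flags commits whose signer key is missing from the local keyring or that carry the retired key after its retirement time. The key IDs are placeholders, the log lines are constructed, and the year 2024 is an assumption inferred from the CVE identifier.

```python
from datetime import datetime, timedelta, timezone

# Assumptions, not from the article: the key IDs are placeholders and the
# year 2024 is inferred from the CVE identifier.
RETIRED_KEY = "PLACEHOLDEROLDKEY"
# The article gives the retirement time as January 16, 23:23 Moscow time (UTC+3).
RETIRED_AT = datetime(2024, 1, 16, 23, 23, tzinfo=timezone(timedelta(hours=3)))

# Constructed sample of `git log --format='%H|%G?|%GK|%cI'` output.
SAMPLE_LOG = """\
1111111|G|PLACEHOLDEROLDKEY|2024-01-10T09:00:00+00:00
2222222|E|PLACEHOLDERNEWKEY|2024-01-17T08:15:00+00:00
3333333|G|PLACEHOLDEROLDKEY|2024-01-16T20:30:00+00:00
4444444|N||2024-01-17T10:00:00+00:00
5555555|G|PLACEHOLDERNEWKEY|2024-01-18T11:00:00+01:00
6666666|B|PLACEHOLDERNEWKEY|2024-01-18T12:00:00+00:00
"""


def audit(log_text, retired_key=RETIRED_KEY, retired_at=RETIRED_AT):
    """Return (commit, finding) pairs for commits that need attention."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        commit, status, key, when = line.split("|")
        committed = datetime.fromisoformat(when)  # %cI is strict ISO 8601
        if status == "N":
            continue  # unsigned commit, out of scope for this check
        if key == retired_key and committed > retired_at:
            findings.append((commit, "signed-with-retired-key"))
        elif status == "E":
            # gpg could not check the signature: the signer's public key is
            # not in the local keyring, e.g. the rotated key was never imported.
            findings.append((commit, "signer-key-not-in-keyring"))
        elif status != "G":
            findings.append((commit, "signature-status-" + status))
    return findings


if __name__ == "__main__":
    for commit, finding in audit(SAMPLE_LOG):
        print(commit, finding)
```
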

GitHub has already fixed the vulnerability on GitHub.com and released product updates for GHES 3.8.13, 3.9.8, 3.10.5 and 3.11.3, which include a fix for CVE-2024-0200 (unsafe use of reflection leading to execution of code or user-controlled methods on the server side). An attack on local GHES installations could be carried out if the attacker had an account with organization owner rights.

Source: opennet.ru
