Na mmelite mmezi nke GitHub Enterprise Server platform 3.12.4, 3.11.10, 3.10.12 na 3.9.15, ezubere maka ibuga gburugburu ebe dị iche iche maka mmepe mmekọrịta dabere na teknụzụ GitHub na akụrụngwa nke gị, adịghị ike (CVE-2024). Achọpụtara -4985) nke na-enye ohere ịnweta ikike nchịkwa na-enweghị nkwenye. Nsogbu a na-eme naanị na nhazi otu nbanye nke dabeere na SAML nke enyerela nkwupụta ezoro ezo. Site na ndabara, ọnọdụ a nwere nkwarụ, mana ewepụtara ya dị ka ihe mgbakwunye maka ịkwalite nchekwa, na-arụ ọrụ na ntọala "Ntọala/Authentication/Na-achọ nkwenye ezoro ezo".
Enyerela adịghị ike ahụ ọkwa dị oke egwu (10 n'ime 10). Achọghị akaụntụ iji mee mwakpo. A naghị enye nkọwa gbasara nrigbu nke adịghị ike ahụ, a na-ekwu naanị na a na-ebuso agha ahụ site n'ịgha ụgha nke nzaghachi SAML site na onye so na GitHub Bug Bounty, nke na-akwụ ụgwọ maka ịchọta nchekwa. nsogbu.
isi: opennet.ru
