GitHub fixes critical Enterprise Server bugs that grant administrative privileges

Fixed two moderate bugs

Another vulnerability fixed with the patch is CVE-2024-7711, rated “moderate” with a CVSS score of 5.3. It is an incorrect authorization vulnerability that allows an attacker to update the title, assignees, and labels of any issue within a public repository, according to GitHub.

CVE-2024-6337, the third vulnerability addressed in the release, is an incorrect authorization vulnerability that could allow an attacker to expose the content of an issue in a private repository using a GitHub App that holds only contents: read and pull requests: write permissions.
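A practitioner running an unpatched GitHub Enterprise Server will want to know which GitHub App installations hold the permission combination the CVE-2024-6337 advisory names. The script below is an added example, not GitHub's code: it walks a dump of GitHub App installation records and flags any whose permissions include contents at read or higher together with pull requests at write or higher. The records are constructed samples shaped like the REST API's installation objects (the field names are real, the ids, account names and values are made up); the `_LEVEL` ordering and the helper names are this example's own assumptions.

```python
"""Flag GitHub App installations whose permissions match the combination
named in the CVE-2024-6337 advisory: contents: read plus pull_requests: write.

Added example, not GitHub's own code. Input is a JSON array in the shape of
GET /app/installations (fields id, account.login, repository_selection,
permissions); the records below are constructed samples.
"""
import json

# Constructed sample dump of installations (values are made up).
SAMPLE_INSTALLATIONS = json.dumps([
    {"id": 101, "account": {"login": "acme-platform"},
     "repository_selection": "all",
     "permissions": {"contents": "read", "pull_requests": "write", "metadata": "read"}},
    {"id": 102, "account": {"login": "acme-docs"},
     "repository_selection": "selected",
     "permissions": {"contents": "read", "metadata": "read"}},
    {"id": 103, "account": {"login": "acme-ci"},
     "repository_selection": "all",
     "permissions": {"contents": "write", "pull_requests": "write", "issues": "write"}},
])

# Assumed ordering of permission levels so "at least read" / "at least write"
# comparisons work; a missing permission counts as "none".
_LEVEL = {"none": 0, "read": 1, "write": 2, "admin": 3}


def has_at_least(perms, name, level):
    """True if the installation holds permission `name` at `level` or higher."""
    return _LEVEL.get(perms.get(name, "none"), 0) >= _LEVEL[level]


def affected_installations(installations_json):
    """Return ids of installations holding contents >= read AND
    pull_requests >= write.

    Higher levels are included deliberately: an app with contents: write is at
    least as exposed as one with the minimal combination in the advisory.
    """
    hits = []
    for inst in json.loads(installations_json):
        perms = inst.get("permissions", {})
        if (has_at_least(perms, "contents", "read")
                and has_at_least(perms, "pull_requests", "write")):
            hits.append(inst["id"])
    return hits


def report(installations_json):
    """One human-readable line per affected installation."""
    by_id = {inst["id"]: inst for inst in json.loads(installations_json)}
    lines = []
    for iid in affected_installations(installations_json):
        inst = by_id[iid]
        perms = inst["permissions"]
        lines.append(
            f"installation {iid} ({inst['account']['login']}, "
            f"repos={inst['repository_selection']}): "
            f"contents={perms['contents']}, pull_requests={perms['pull_requests']}"
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_INSTALLATIONS):
        print(line)
```

The result is a triage list, not proof of exploitation: per GitHub's note the issue was only reachable with a user access token, so installations that never use user-to-server tokens are lower priority, and the fix is still to apply the patched release.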

“This (CVE-2024-6337) was only executable with a user access token, and access tokens were not affected,” GitHub added. The vulnerability received a CVSS score of 5.9.

This is the second time in three months that GitHub has been hit with a serious SAML authentication bug. In May, GitHub Enterprise Server was affected by a critical flaw with a maximum CVSS score of 10.0 that exposed GitHub Enterprise customers to attackers who could gain administrative privileges on enterprise accounts.

