Rewterz

Rewertz Threat Update – Orbit Chain Breach Results in Theft of Over $81 Million in Cryptocurrency

January 4, 2024
Rewterz

Rewterz Threat Alert – Bitter APT Group – Active IOCs

January 5, 2024

Rewterz Threat Advisory – CVE-2023-6804 – GitHub Enterprise Server Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-6804

GitHub Enterprise Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. An attacker could exploit this vulnerability to cause arbitrary workflows to be committed and run using an improperly scoped PAT.

Impact

  • Privileges Escalation

Indicators Of Compromise

CVE

  • CVE-2023-6804

Affected Vendors

GitHUB

Affected Products

  • GitHub Enterprise Server 3.9.6
  • GitHub Enterprise Server 3.10.3
  • GitHub Enterprise Server 3.11.0
  • GitHub Enterprise Server 3.8.11

Remediation

Refer to GitHub Docs Website for patch, upgrade or suggested workaround information.

GitHub Docs Website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.