Severity
Medium
Analysis Summary
CVE-2024-6336 CVSS:6.5
GitHub Enterprise Server could allow a remote attacker to obtain sensitive information because of a security misconfiguration vulnerability. The attacker could exploit it by sending a specially crafted request.
CVE-2024-5817 CVSS:6.5
GitHub Enterprise Server could allow a remote authenticated attacker to obtain sensitive information because of an incorrect authorization vulnerability. The attacker could exploit it by sending a specially crafted request.
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-6336
- CVE-2024-5817
Affected Vendors
Affected Products
- GitHub GitHub Enterprise Server 3.10.13
- GitHub GitHub Enterprise Server
Remediation
Upgrade to the latest version of GitHub Enterprise Server, available from the GitHub website.