GitHub Enterprise improper authentication vulnerability was identified

Subject : GitHub Enterprise improper authentication vulnerability was identified

Severity : HIGH (CVE-2023-6847) CVSSv3.0 Score : 7.5
Date : 29/12/2023

Information

GitHub Enterprise Server is a private code hosting platform for organizations. It is the commercial, self-hosted version of GitHub.com: organizations run it on their own servers and keep their code and private data there, which gives them more control over security and privacy.

GitHub Enterprise Server is therefore aimed at organizations with high security and privacy requirements.

Incident

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode.

Recommendation

– Upgrade GitHub Enterprise Server to version 3.9.7, 3.10.4, or 3.11.1 (the releases that fix CVE-2023-6847).

– Restrict network access: implement firewalls and network segmentation to limit who can reach the Enterprise Server appliance.

– Actively watch for suspicious activity in server logs.

– Consider additional authentication measures beyond passwords.
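As an added example (not part of the original bulletin and not GitHub's own tooling), a small Python check that tells whether an installed GitHub Enterprise Server version falls inside the affected range stated above and which patched build on the same line to move to. It assumes the appliance's GET /api/v3/meta response has already been fetched (installed_version is the field GHES reports there; the sample body below is constructed) and that release lines newer than 3.11 were cut after the fix and are unaffected.

```python
"""Added example: classify a GitHub Enterprise Server version against CVE-2023-6847."""
import json
import re

# Patched builds named in the advisory, keyed by release line (major, minor).
FIXED_PATCH_BY_LINE = {(3, 9): 7, (3, 10): 4, (3, 11): 1}
FIRST_AFFECTED_LINE = (3, 9)  # the bulletin lists the bug as present "since 3.9"


def parse_version(version: str) -> "tuple[int, int, int]":
    """Turn '3.10.2' into (3, 10, 2); reject anything that is not major.minor.patch."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def fixed_version_for(version: str) -> "str | None":
    """Return the first patched build on this version's line, or None if the line is not listed."""
    major, minor, _ = parse_version(version)
    patch = FIXED_PATCH_BY_LINE.get((major, minor))
    return None if patch is None else f"{major}.{minor}.{patch}"


def is_affected(version: str) -> bool:
    """True when the build predates the fix on one of the affected release lines."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line < FIRST_AFFECTED_LINE:
        return False  # 3.8 and earlier are outside the stated affected range
    if line in FIXED_PATCH_BY_LINE:
        return patch < FIXED_PATCH_BY_LINE[line]
    # Assumption: lines newer than 3.11 shipped after the fix and are not affected.
    return False


def assess_meta_response(body: str) -> dict:
    """Assess a GHES GET /api/v3/meta JSON body; installed_version is the field GHES reports."""
    version = json.loads(body)["installed_version"]
    return {
        "installed_version": version,
        "affected": is_affected(version),
        "upgrade_to": fixed_version_for(version),
    }


# Constructed sample body (not captured from a real appliance).
SAMPLE_META = '{"installed_version": "3.10.2", "verifiable_password_authentication": true}'

if __name__ == "__main__":
    print(assess_meta_response(SAMPLE_META))
```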


Security systems matter: keep monitoring them as a matter of routine.
For more information please contact:
Email : sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
061 404 5895 (Ms. Thanyakan)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)


References

– https://www.opencve.io/cve/CVE-2023-6847
– https://github.com/advisories/GHSA-cfmj-7rv7-v356
– https://www.redpacketsecurity.com/github-enterprise-server-security-bypass-cve-2023-6847/
– https://nvd.nist.gov/vuln/detail/CVE-2023-6847


Weekly Interesting CVE

1. CVE-2023-51419
Published Date : 29/12/2023
Last Update : 29/12/2023
Device/Application/OS Target : WordPress BERTHA AI Plugin Prior to version 5.12.21
Attack Type : Unrestricted Upload of File with Dangerous Type
CVSS Severity Rating : 10
Detail : Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.

2. CVE-2023-7163
Published Date : 28/12/2023
Last Update : 28/12/2023
Device/Application/OS Target : D-Link D-View 8 version 2.0.2.89
Attack Type : Improper Input Validation
CVSS Severity Rating : 10
Detail : A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes.

3. CVE-2023-50255
Published Date : 27/12/2023
Last Update : 27/12/2023
Device/Application/OS Target : Deepin Linux OS, prior to 5.12.21
Attack Type : Path Traversal
CVSS Severity Rating : 9.3
Detail : Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21, which addresses the issue. There are no known workarounds for this vulnerability.

4. CVE-2023-5367
Published Date : 25/10/2023
Last Update : 2/1/2024
Device/Application/OS Target : x.org : xwayland, x_server; debian : debian_linux; fedoraproject : fedora version 11.0, 12.0; redhat : enterprise_linux version 7.0, 8.0, 9.0
Attack Type : Out-of-bounds Write
CVSS Severity Rating : 7.8
Detail : An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset, allowing for possible escalation of privileges or denial of service.

5. CVE-2023-6847
Published Date : 21/12/2023
Last Update : 29/12/2023
Device/Application/OS Target : GitHub Enterprise Server since 3.9
Attack Type : Bypass of Private Mode
CVSS Severity Rating : 7.5
Detail : An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode.

Malware News or Campaign IOC/IOA

1. Sandworm Targeted Ukrainian Critical Infrastructure With New Variant Of CaddyWiper
Detection in Thailand (/1m Divs) : 2
Detection Date : 26/12/2023
Attack Type : Ransomware, Tool, Web shell
Severity : Low
Description : In a late 2022 incident, researchers responded to a cyber-physical attack by the Russia-linked threat actor Sandworm, targeting a Ukrainian critical infrastructure organization. The attack comprised multiple events and employed a novel technique to impact industrial control systems (ICS) and operational technology (OT). Sandworm initially used OT-level living-off-the-land (LotL) techniques to likely trip the victim's substation circuit breakers, causing a power outage concurrent with mass missile strikes on Ukraine's critical infrastructure. In a subsequent event, Sandworm deployed a new variant of CaddyWiper in the victim's IT environment. This incident highlights the evolving capabilities of Russia's cyber-physical attack strategy, demonstrating maturity in offensive OT tactics and the ability to recognize and exploit novel threat vectors. The use of LotL techniques suggests efficiency in executing cyber-physical attacks. While the initial intrusion point remains undetermined, the analysis suggests that the OT component may have been developed in as little as two months, indicating the threat actor's capability to quickly adapt and target various OT systems worldwide.
Solution :
1. Update MicroSCADA to supported versions.
2. Configure MicroSCADA to require authentication and establish a least-privilege design for user permissions.
3. If/where feasible, configure the base system in "read-only" mode and ensure no external SCIL-API programs (such as scilc.exe) are allowed.
Ref. https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology
     https://www.i-secure.co.th/2023/11/แฮ็กเกอร์ชาวรัสเซียใช้/

17 January 2024
