Subject: GitHub Enterprise improper authentication vulnerability was identified
Severity: HIGH (CVE-2023-6847) CVSSv3.0 Score: 7.5
Date: 29/12/2023
Information
GitHub Enterprise Server is a private code hosting platform for organizations. It is a commercial version of GitHub.com, and it allows organizations to host their code and private data on their own servers. This gives organizations more control over security and privacy.
GitHub Enterprise Server is ideal for organizations with high security and privacy needs.
Incident
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode.
Recommendation
– Upgrade to GitHub Enterprise Server version 3.9.7, 3.10.4, or 3.11.1.
– Restrict network access: implement firewalls and network segmentation to limit access to the Enterprise Server appliance.
– Actively watch for suspicious activity in server logs.
– Consider additional authentication measures beyond passwords.
Security systems remain the important thing; we must stay attentive and keep monitoring as usual.
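As an added example (not part of this bulletin and not GitHub's own code), the script below triages GitHub Enterprise Server versions against the fixed releases listed above (3.9.7, 3.10.4, 3.11.1) and the affected range "since 3.9"; the hostnames and versions in the sample inventory are constructed.

```python
# Added example (not from the bulletin, not GitHub's code): classify a GitHub
# Enterprise Server (GHES) release against the fixed versions named in the
# bulletin for CVE-2023-6847: 3.9.7, 3.10.4 and 3.11.1. The affected range
# ("since 3.9") is also taken from the bulletin.
from __future__ import annotations

# First release that carries the fix, per affected minor branch.
FIXED_IN = {
    (3, 9): (3, 9, 7),
    (3, 10): (3, 10, 4),
    (3, 11): (3, 11, 1),
}

def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'X.Y.Z' (a leading 'v' is tolerated) into an integer tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch

def status(version: str) -> str:
    """'vulnerable', 'fixed', or 'not listed' for branches the bulletin
    does not cover (older than 3.9, or newer than 3.11)."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return "not listed"
    return "vulnerable" if (major, minor, patch) < fixed else "fixed"

def triage(inventory: dict[str, str]) -> list[str]:
    """Hostnames whose reported version is still vulnerable, sorted."""
    return sorted(h for h, v in inventory.items() if status(v) == "vulnerable")

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "ghes-prod.example.internal": "3.10.3",
        "ghes-dr.example.internal": "3.11.1",
        "ghes-lab.example.internal": "v3.9.2",
        "ghes-old.example.internal": "3.8.12",
    }
    for host, ver in sample.items():
        print(f"{host}: {ver} -> {status(ver)}")
    print("needs upgrade:", triage(sample))
```

Branches the bulletin does not name are reported as "not listed" rather than assumed safe, so they can be checked against the vendor advisory separately.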
For more information please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
061 404 5895 (Ms.Thanyakan)
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
References
– https://www.opencve.io/cve/CVE-2023-6847
– https://github.com/advisories/GHSA-cfmj-7rv7-v356
– https://www.redpacketsecurity.com/github-enterprise-server-security-bypass-cve-2023-6847/
– https://nvd.nist.gov/vuln/detail/CVE-2023-6847
Weekly Interesting CVE
| NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail |
|---|---|---|---|---|---|---|---|
| 1 | CVE-2023-51419 | 29/12/2023 | 29/12/2023 | WordPress BERTHA AI Plugin prior to version 5.12.21 | Unrestricted Upload of File with Dangerous Type | 10 | Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI, "Your AI co-pilot for WordPress and Chrome". This issue affects BERTHA AI: from n/a through 1.11.10.7. |
| 2 | CVE-2023-7163 | 28/12/2023 | 28/12/2023 | D-Link D-View 8 version 2.0.2.89 | Improper Input Validation | 10 | A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes. |
| 3 | CVE-2023-50255 | 27/12/2023 | 27/12/2023 | Deepin Linux OS, prior to 5.12.21 | Path Traversal | 9.3 | Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there is a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21, which addresses the issue. There are no known workarounds for this vulnerability. |
| 4 | CVE-2023-5367 | 25/10/2023 | 2/1/2024 | x.org: xwayland, x_server | Out-of-bounds Write | 7.8 | An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset, allowing for possible escalation of privileges or denial of service. |
| 5 | CVE-2023-6847 | 21/12/2023 | 29/12/2023 | GitHub Enterprise Server since 3.9 | Bypass of Private Mode | 7.5 | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. |
Malware News or Campaign IOC/IOA
| No | Campaign Name | Detection in Thailand | Detection Date | Attack Type | Severity | Description | Solution |
|---|---|---|---|---|---|---|---|
| 1 | Sandworm Targeted Ukrainian Critical Infrastructure With New Variant Of CaddyWiper | 2 | 26/12/2023 | Ransomware, Tool, Web shell | Low | In a late 2022 incident, researchers responded to a cyber-physical attack by the Russia-linked threat actor Sandworm, targeting a Ukrainian critical infrastructure organization. The attack comprised multiple events and employed a novel technique to impact industrial control systems (ICS) and operational technology (OT). Sandworm initially used OT-level living-off-the-land (LotL) techniques to likely trip the victim's substation circuit breakers, causing a power outage concurrent with mass missile strikes on Ukraine's critical infrastructure. In a subsequent event, Sandworm deployed a new variant of CaddyWiper in the victim's IT environment. This incident highlights the evolving capabilities of Russia's cyber-physical attack strategy, demonstrating maturity in offensive OT tactics and the ability to recognize and exploit novel threat vectors. The use of LotL techniques suggests efficiency in executing cyber-physical attacks. While the initial intrusion point remains undetermined, the analysis suggests that the OT component may have been developed in as little as two months, indicating the threat actor's capability to quickly adapt and target various OT systems worldwide. | 1. Update MicroSCADA to supported versions. 2. Configure MicroSCADA to require authentication and establish a least privilege design for user permissions. 3. If/where feasible, configure the base system in "read-only" mode and ensure no external SCIL-API programs (such as scilc.exe) are allowed. |
Ref. https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology
https://www.i-secure.co.th/2023/11/แฮ็กเกอร์ชาวรัสเซียใช้/
17 January 2024