A critical bug in GitHub Enterprise Server could allow an attacker to gain unauthorized access to a user account with administrative privileges and then wreak havoc on an organization's code repository.
The good news is that there is a fix. The Microsoft-owned code hosting service fixed the bug, tracked as CVE-2024-6800 and rated 9.5 on the CVSS scale, in GitHub Enterprise Server (GHES) versions 3.13.3, 3.10.16, 3.11.14, and 3.12.8.
Organizations running a vulnerable instance of GHES, the self-hosted version of GitHub, would do well to download the update ASAP, as attackers are likely already looking for this CVE.
Affected versions of GHES include 3.13.0 to 3.13.2, 3.10.0 to 3.10.15, 3.11.0 to 3.11.13, and 3.12.0 to 3.12.7.
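The following triage check is an added example, not code from GitHub or from this article. It classifies an inventory of GHES version strings against the affected and fixed versions listed above; the hostnames and the sample inventory are constructed, and release lines the article does not mention are reported as "not-listed" rather than assumed safe.

```python
import re

# First fixed patch release per GHES release line, taken from this article.
# The article lists x.y.0 up to the release before each fix as affected.
FIXED_PATCH = {(3, 10): 16, (3, 11): 14, (3, 12): 8, (3, 13): 3}

# Strict MAJOR.MINOR.PATCH only; anything else goes to manual review.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

# Review order: most urgent first.
PRIORITY = {"affected": 0, "unparseable": 1, "not-listed": 2, "fixed": 3}


def classify(version: str) -> str:
    """Return affected / fixed / not-listed / unparseable for CVE-2024-6800."""
    match = VERSION_RE.match(version.strip())
    if not match:
        return "unparseable"
    major, minor, patch = (int(part) for part in match.groups())
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        # The article says nothing about this release line, so do not
        # report it as safe; check the vendor advisory instead.
        return "not-listed"
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory: dict) -> list:
    """Return (host, version, status) tuples sorted by urgency, then host."""
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (PRIORITY[row[2]], row[0]))


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "ghes-prod.example.internal": "3.12.7",
    "ghes-stage.example.internal": "3.13.3",
    "ghes-legacy.example.internal": "3.9.4",
    "ghes-lab.example.internal": "3.11",
    "ghes-dr.example.internal": "v3.10.15",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{status:12} {version:10} {host}")
```
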