
Weekly Digest Week 21 – 2024

Publication date

24.05.2024

GitHub Fixes Maximum Severity Flaw in Enterprise Server

GitHub has patched a critical vulnerability (CVE-2024-4985) in its GitHub Enterprise Server (GHES), which had a maximum CVSS score of 10.

This flaw, an authentication bypass vulnerability, could have allowed unauthorized access to a targeted instance without requiring prior authentication. It affects all GHES versions prior to 3.13.0. However, only instances using optional encrypted assertions together with SAML single sign-on were at risk. The maximum CVSS score reflects a very high risk of network intrusion for exposed instances.

Analysis from our SOC team
The article does not indicate whether CVE-2024-4985 (CVSS 10) is being actively exploited, but publication of the CVE will draw the attention of threat actors.

Upgrade the following affected versions:
– GHES 3.9.15 ==> 3.13.0 and above
– GHES 3.10.12 ==> 3.13.0 and above
– GHES 3.11.10 ==> 3.13.0 and above
– GHES 3.12.4 ==> 3.13.0 and above

Approach SOC team can assist you in the event of an incident or suspected compromise.


Google Patches Another Chrome Zero-Day

Google has released a patch for a new zero-day vulnerability (CVE-2024-4671) in Google Chrome, just four days after addressing another one.

This high-severity flaw is an out-of-bounds write issue in the V8 JavaScript and WebAssembly engine. Exploiting CVE-2024-4671 could allow a threat actor to evade sandboxing, enabling them to move beyond the browser tab to other web apps or the network via a crafted HTML page. Attackers can use such out-of-bounds write vulnerabilities to compromise data integrity, execute arbitrary code on affected devices, perform lateral movement, or crash a system.

Analysis from our SOC team
As indicated in the article, CVE-2024-4671 is being exploited in the wild. To stay safe from this zero-day, users are urged to upgrade their browsers to the following Chrome versions:
– 124.0.6367.201 for Windows
– 124.0.6367.202 for macOS
– 124.0.6367.201 for Linux

Ivanti Fixes Critical Endpoint Manager Vulnerabilities

Ivanti has addressed multiple critical vulnerabilities in its Endpoint Manager (EPM), including remote code execution vulnerabilities. These flaws could be exploited by a remote attacker to gain code execution under certain conditions. The vulnerabilities, which impact EPM 2022 SU5 and earlier versions, are SQL injection issues that could be exploited by an unauthenticated attacker within the same network to execute arbitrary code.

Six of the ten vulnerabilities (CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, CVE-2024-29827) have been rated critical with a CVSS score of 9.6; the remaining four (CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, CVE-2024-29846) are rated with a CVSS score of 8.6.

Analysis from our SOC team
Ivanti is not aware of any customers being exploited via these vulnerabilities.

Even though exploitation requires the attacker to be on the same network, access to this product would give attackers access to all the machines managed by the solution.

Apply the latest hot patch provided by the vendor.

Critical Memory Corruption Flaw in Fluent Bit

Fluent Bit, a popular logging and metrics solution used in major Kubernetes distributions, is affected by a critical vulnerability (CVE-2024-4323) with a CVSS score of 9.8. This memory corruption vulnerability, which affects Fluent Bit versions 2.0.7 through 3.0.3, lies in the embedded HTTP server’s parsing mechanism of trace requests addressed to its monitoring API.

By passing non-string values in the “inputs” array of requests, such as integer values, it is possible to cause various memory corruption issues that could lead to denial of service conditions, information disclosure, or remote code execution. The vulnerability has a low attack complexity, does not require any privileges, and has a high impact on confidentiality, integrity, and availability.
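As an added illustration, not taken from the article or from the Fluent Bit project, the following pre-filter checks requests to the trace endpoint for exactly the shape described above (non-string elements in the "inputs" array) and can sit in a reverse-proxy hook or be replayed over access logs. The endpoint path /api/v1/trace and the sample requests are assumptions made for this example.

```python
import json

# Assumed path of the trace endpoint on Fluent Bit's monitoring API (an assumption
# made for this example; the article only says "trace requests").
TRACE_PATH = "/api/v1/trace"


def check_trace_request(method: str, path: str, body: str) -> list[str]:
    """Return findings for one HTTP request; an empty list means nothing to flag."""
    if method.upper() != "POST" or not path.startswith(TRACE_PATH):
        return []  # not a trace request, out of scope
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return ["malformed JSON body"]
    if not isinstance(payload, dict):
        return [f"top-level value is {type(payload).__name__}, not an object"]
    if "inputs" not in payload:
        return []  # single-input request form carries no array
    inputs = payload["inputs"]
    if not isinstance(inputs, list):
        return [f'"inputs" is {type(inputs).__name__}, not an array']
    return [
        f"inputs[{i}] is {type(el).__name__}, not a string"
        for i, el in enumerate(inputs)
        if not isinstance(el, str)
    ]


def scan_requests(requests: list[tuple[str, str, str]]) -> dict[int, list[str]]:
    """Map the index of each flagged request to its findings; clean ones are omitted."""
    results: dict[int, list[str]] = {}
    for i, (method, path, body) in enumerate(requests):
        if findings := check_trace_request(method, path, body):
            results[i] = findings
    return results


# Constructed sample requests (method, path, body), not captured traffic.
SAMPLE_REQUESTS = [
    ("POST", "/api/v1/trace", '{"inputs": ["dummy.0"], "output": "stdout"}'),
    ("POST", "/api/v1/trace", '{"inputs": ["dummy.0", 123, null, {"a": 1}]}'),
    ("POST", "/api/v1/trace", '{"inputs": "dummy.0"}'),
    ("POST", "/api/v1/trace", "{inputs"),
    ("GET", "/api/v1/metrics", ""),
]

if __name__ == "__main__":
    for idx, findings in scan_requests(SAMPLE_REQUESTS).items():
        print(f"request {idx}: " + "; ".join(findings))
```

Requests that the filter flags are worth blocking at the edge and alerting on, since a patched Fluent Bit still has no legitimate reason to receive non-string input names.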

Analysis from our SOC team
It is strongly recommended to install updates for any Fluent Bit version prior to 3.0.3.

Organizations are advised to prioritize the installation of updates for vulnerable devices and to test thoroughly before deployment. Additionally, organizations are urged to enhance their monitoring and detection capabilities so as to swiftly identify any suspicious activity and respond effectively in case of intrusion.

Our SOC is also available to assist in case there are any doubts or suspicions about potential compromise.
