GitHub Enterprise Server patches 10-outta-10 critical hole

GitHub has patched its Enterprise Server software to fix a security flaw rated 10 out of 10 on the CVSS severity scale. The vulnerability affects instances of GitHub Enterprise Server, and gives full admin access to anyone exploiting the issue in any version prior to version p3.13.0 of the code base. "On …

  1. Steve Hersey

    Interesting, but frustrating.

    It seems that the GitHub Web interface provides no way for the user to identify what server version is running. "About" and "Status" redirect to generic GitHub pages. Kinda pathetic.

    1. Ken Hagan

      Re: Interesting, but frustrating.

      I think that's just best practice, isn't it? Don't make it too easy for an attacker to find a vulnerable target.

    2. Anonymous Coward

      Re: Interesting, but frustrating.

      Go to the base address for your enterprise server, e.g. github.<company>.com or whatever yours is, then down the bottom of the page there is normally the copyright with a year and the GitHub server version being run.
