Vulnerability category: General remote services
Vulnerability severity:
Vulnerability information
GitHub is a web-based Git or version control repository and Internet hosting service.
A bug resulted in a static value being used as the Ruby on Rails session secret for GitHub Enterprise's management console.
Impact
A static session secret could allow an attacker to sign arbitrary session cookies and exploitation could result in remote code execution on the server.
Solution
This issue has been fixed in GitHub Enterprise 2.8.7 and later versions.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
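
The following is an added illustration, not code from GitHub or from this advisory. It shows why a session secret that is identical on every install breaks cookie integrity, and how a secret generated per install restores it. The cookie format is a simplified HMAC-signed layout chosen for the example, and `STATIC_SECRET` and all function names are constructed placeholders.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

# Constructed placeholder, NOT the real value from the affected product.
STATIC_SECRET = 'placeholder-secret-identical-on-every-install'

# Per-install secret: generated once at setup time and stored locally.
def generate_install_secret
  SecureRandom.hex(64)
end

# Simplified signed cookie: base64(JSON) + "--" + HMAC-SHA256 hex digest.
def sign_session(data, secret)
  body = [JSON.generate(data)].pack('m0')
  "#{body}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, body)}"
end

# Constant-time comparison so verification does not leak digest prefixes.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash when the signature checks out, otherwise nil.
def verify_session(cookie, secret)
  body, sig = cookie.to_s.split('--', 2)
  return nil if body.nil? || sig.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, body)
  return nil unless secure_eq?(sig, expected)
  JSON.parse(body.unpack1('m0'))
rescue ArgumentError, JSON::ParserError
  nil
end

# Does a cookie signed under secret_a verify on a server using secret_b?
def accepted_elsewhere?(secret_a, secret_b)
  cookie = sign_session({ 'user' => 'constructed-sample' }, secret_a)
  !verify_session(cookie, secret_b).nil?
end

if __FILE__ == $PROGRAM_NAME
  puts "shared static secret: #{accepted_elsewhere?(STATIC_SECRET, STATIC_SECRET)}"
  puts "per-install secrets:  #{accepted_elsewhere?(generate_install_secret, generate_install_secret)}"
end
```

With the shared static value, the signature proves nothing about where the cookie came from; with per-install secrets, a cookie signed elsewhere fails verification.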