baccatore a day ago

Why do they need to stir up needless fear by using words like "BREAKING", "unauthorized access", or "millions of repositories" about the vulnerability that they caught before it was exploited in their X.com?

https://x.com/wiz_io/status/2049153209982140718

semiquaver 18 hours ago

Basically every single GitHub Enterprise Server deployment is still vulnerable to this bug. That is tens of thousands of appliances containing incredibly sensitive code.

Also, this was about as bad as a vulnerability can get. It’s not exaggerating to say that all private code on GitHub should be considered compromised because of this issue. An anonymous user could have read every single private repo. To me, that warrants BREAKING.

philipwhiuk a day ago

None of that is inaccurate? GitHub got lucky it was Wiz fuzzing them not state-sponsored agents?