pull down to refresh

Critical Github enterprise Server Authentication bypass bugwww.theregister.com/2024/05/22/github_enterprise_server_patch/
312 sats \ 2 comments \ @Gian 22 May security
write
preview
related posts
10 sats \ 1 reply \ @0xbitcoiner 22 May
On the bright side, someone made up to $30,000+ for finding it
GitHub has patched its Enterprise Server software to fix a security flaw that scored a 10 out of 10 CVSS severity score.
bug bounty working!
reply
21 sats \ 0 replies \ @ek 22 May freebie
One could argue that $30k is not enough for a CVSS score of 10 but I don’t know
update: even the article mentions $30k as conservative
Though, even $30,000 might be conservative. "The upper bound for critical vulnerabilities is only a guideline, and GitHub may reward higher amounts for exceptional reports," GitHub says. Since this was a maximum severity security hole, the person who found it might have been paid very generously indeed.
So maybe they were paid more
reply