GitHub Rotates Keys to Address High-Severity Vulnerability
GitHub has rotated some keys, including the commit signing key and customer encryption keys, in response to a high-severity vulnerability (CVE-2024-0200) that could potentially expose credentials within a production container. The vulnerability, also present on GitHub Enterprise Server, requires an authenticated user with an organization owner role to be logged in for exploitation. GitHub has also addressed another high-severity bug (CVE-2024-0507) that could allow privilege escalation via command injection.