GitHub pays researcher $18,000 for remote code execution vulnerability


GitHub has paid $18,000 to a security researcher who discovered a vulnerability in GitHub Enterprise. The security flaw allowed remote execution of malicious code. The vulnerability was fixed on January 31, when the company released the GitHub Enterprise 2.8.7 patch. However, GitHub and independent researcher Markus Fenske disclosed the details of this bug only last week.

GitHub Enterprise is the corporate version of GitHub.com, designed to deploy the GitHub platform in a private network. Markus Fenske decided to look for vulnerabilities in this platform after being inspired by a write-up on the possibility of SQL injection in GitHub Enterprise, published earlier by security researcher Orange Tsai. The expert found the problem within two minutes of reviewing the source code: Fenske came across a vulnerability in the first file (config.ru) of the first application (the management interface) he looked at.

The problem was fixed within 5 days of the discovery. Markus Fenske was rewarded $10,000 and received a place in the GitHub “Hall of Fame”. Later, GitHub paid the researcher an additional $8,000 award.
