Add bounty info

Author: wchen-r7

documentation/modules/exploit/linux/http/github_enterprise_secret.md

@@ -4,6 +4,9 @@ serialized malicious object. The second problem is that the serialized string is
 a ```Marshal.load``` API call, which deserializes the malicious object, and executes it. A
 malicious attacker can take advantage of these problems to achieve remote code execution.
 
+According to exablue.de, this RCE was reported to GitHub, and the researcher was rewarded
+$18,000 total.
+
 ## Vulnerable Application
 
 For testing purposes, you can download a Github Enterprise image from the following location: