A max-critical security vulnerability in GitHub’s Enterprise Server could allow attackers to bypass authentication and obtain administrative privileges.
The good news is that the bug (CVE-2024-4985, CVSS 10) only affects deployments that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature enabled.
An attacker can exploit the issue by forging a SAML response to provision and/or gain access to a user with site administrator privileges, according to the bug advisory.
Versions of GitHub Enterprise Server prior to 3.13.0 are affected; the Microsoft-owned platform issued an emergency fix in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
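As an added example (not from the article or from GitHub), a small inventory check that applies the version and configuration facts stated above to decide whether a given GHES instance still needs the fix; the SAML configuration flags are assumed inputs that would come from the instance's own settings.

```python
"""Check whether a GitHub Enterprise Server (GHES) build falls in the range
affected by CVE-2024-4985, using the figures quoted in the article: releases
before 3.13.0 are affected, fixes shipped in 3.9.15, 3.10.12, 3.11.10 and
3.12.4, and the bug is only reachable with SAML SSO plus encrypted
assertions. Example code, not GitHub's own tooling."""
from __future__ import annotations

# Fixed patch level per release line, from the advisory figures quoted above.
FIXED_VERSIONS = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
FIRST_UNAFFECTED_LINE = (3, 13)  # 3.13.0 and later are not affected


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '3.11.9' (optionally prefixed with 'v') into (3, 11, 9).
    Pre-release or build suffixes after '-' or '+' are ignored."""
    core = text.strip().lstrip("v").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def version_is_vulnerable(version: str) -> bool:
    """True if this GHES build predates the fix on its release line."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line >= FIRST_UNAFFECTED_LINE:
        return False
    fixed = FIXED_VERSIONS.get(line)
    if fixed is None:
        # Older than 3.9: before 3.13.0, and no patched release on that line.
        return True
    return (major, minor, patch) < fixed


def cve_2024_4985_exposure(version: str, saml_sso: bool,
                           encrypted_assertions: bool) -> str:
    """Classify an instance as 'exposed', 'patch-pending' or 'not-exposed'.
    The two SAML flags are assumed to be read from the instance's config."""
    if not version_is_vulnerable(version):
        return "not-exposed"
    if saml_sso and encrypted_assertions:
        return "exposed"        # vulnerable build and the precondition is met
    return "patch-pending"      # vulnerable build, feature combination not in use
```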
Source: www.darkreading.com