A maximum-severity security vulnerability in GitHub Enterprise Server could allow attackers to bypass authentication and obtain administrative privileges.
The good news is that the bug (CVE-2024-4985, CVSS 10) only affects instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature enabled.
An attacker can exploit the issue by forging a SAML response to provision and/or gain access to a user with site administrator privileges, according to the bug advisory.
Versions of GitHub Enterprise Server prior to 3.13.0 are affected; the Microsoft-owned platform issued an emergency fix in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
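As an added example (not code from the article or from GitHub), a small Python triage helper that applies the version ranges and the SAML preconditions stated above to an inventory entry; the function names and the two configuration flags it takes are assumptions for illustration.

```python
# Added triage helper for CVE-2024-4985, built from the version ranges in the
# advisory summary above. Not GitHub's code; the function names and the
# configuration flags passed to assess() are assumptions for illustration.
from typing import Tuple

# Earliest fixed release on each supported branch, per the advisory.
FIXED_RELEASES = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
FIRST_UNAFFECTED = (3, 13, 0)  # 3.13.0 and later were never affected


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a GHES version such as '3.11.9' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def version_is_affected(text: str) -> bool:
    """True when the release predates the fix for its branch (or 3.13.0)."""
    v = parse_version(text)
    if v >= FIRST_UNAFFECTED:
        return False
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        # Branch older than 3.9: before 3.13.0 and no fixed release listed.
        return True
    return v < fixed


def assess(version: str, saml_sso: bool, encrypted_assertions: bool) -> str:
    """Combine the version check with the SAML preconditions into a verdict."""
    if not version_is_affected(version):
        return "patched"
    if not (saml_sso and encrypted_assertions):
        # Vulnerable code is present but, per the advisory, the bug is only
        # reachable with SAML SSO plus encrypted assertions; upgrade anyway.
        return "affected version, not exposed by current SAML config"
    return "EXPOSED: upgrade to the fixed release for this branch"
```

Feed it the version string and SAML settings recorded for each instance; anything reported as exposed should be upgraded first.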
Source: www.darkreading.com