Source: www.darkreading.com – Author: Dark Reading Staff
1 Min Read
Source: Igor Golovnov via Alamy Stock Photo
A max-critical security vulnerability in GitHub’s Enterprise Server could allow attackers to bypass authentication and obtain administrative privileges.
The good news is that the bug (CVE-2024-4985, CVSS 10) only affects implementations that use the SAML single sign-on (SSO) authentication approach with the optional encrypted assertions feature enabled.
An attacker can exploit the issue by creating a fake SAML response to provision and/or gain access to a user with site administrator privileges, according to the bug advisory.
Versions of GitHub Enterprise Server prior to 3.13.0 are affected; the Microsoft-owned platform issued an emergency fix in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
Original Post URL: https://www.darkreading.com/vulnerabilities-threats/github-authentication-bypass-opens-enterprise-server-attackers
Category & Tags: –
Views: 0
