CRITICAL GITHUB ENTERPRISE SERVER AUTHENTICATION BYPASS BUG

22-May-24

GitHub has addressed a critical authentication bypass vulnerability (CVE-2024-4985) in GitHub Enterprise Server (GHES) that could allow an attacker to forge SAML responses and gain administrative privileges without prior authentication. The vulnerability, which carried a CVSS score of 10.0, affected GHES installations using SAML single sign-on with encrypted assertions. It was fixed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4, and only impacted installations that had enabled the optional encrypted assertions feature, which is not enabled by default. The issue was reported through GitHub’s Bug Bounty program.
