Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
GitHub Authentication Bypass Opens Enterprise Server to Attackers
The max-severity bug affects versions using the SAML single sign-on mechanism.
1 Min Read
Source: Igor Golovnov via Alamy Stock Photo
A max-critical security vulnerability in GitHub's Enterprise Server could allow attackers to bypass authentication and obtain administrative privileges.
The good news is that the bug (CVE-2024-4985, CVSS 10) only affects implementations that use the SAML single sign-on (SSO) authentication approach with the optional encrypted assertions feature enabled.
An attacker can exploit the issue by creating a fake SAML response to provision and/or gain access to a user with site administrator privileges, according to the bug advisory.
Versions of GitHub Enterprise Server prior to 3.13.0 are affected; the Microsoft-owned platform issued an emergency fix in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
About the Author(s)
You May Also Like
More Insights
Events
Black Hat USA - Aug 3-8 - The Premier Technical Cybersecurity Conference - Learn More
August 3, 2024Anatomy of a Data Breach - Dark Reading June 20 Event
June 20, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024
_Michael_Burrell_Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)
