A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A vulnerability has been discovered in GitHub Enterprise Server (GHES) that could allow for authentication bypass. GHES is a popular platform for software developers. Organizations can use it to build and store software applications using Git version control and to automate deployment pipelines. Successful exploitation of this vulnerability could allow an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. An attacker could then view, change, or delete data; or create new accounts with …