all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass

Add to bookmarks
May 23, 2024, 4:45 p.m. |

Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org

A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for software developers. Organizations can build and store software applications using Git version control and automate deployment pipelines. Successful exploitation of this vulnerability could allow for an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. An attacker could then view, change, or delete data; or create new accounts with …

applications authentication authentication bypass automate build bypass can control deployment developers enterprise exploitation ghes git github github enterprise server organizations pipelines platform popular server software software applications software developers store version vulnerability

Visit resource

More from www.cisecurity.org / Center for Internet Security - Multi-State Information Sharing and Analysis Center

Multiple Vulnerabilities in Progress MOVEit Products Could Allow for Authentication Bypass 23 hours ago | www.cisecurity.org
application authentication authentication bypass bypass +17
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 1 day ago | www.cisecurity.org
arbitrary code arbitrary code execution chrome code +7
Multiple Vulnerabilities in VMware Products Could Allow for Remote Code Execution 1 week ago | www.cisecurity.org
centralized management cloud cloud platform code +23
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2 weeks ago | www.cisecurity.org
arbitrary code arbitrary code execution chrome code +7
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2 weeks ago | www.cisecurity.org
adobe adobe experience manager apps arbitrary code +19
Critical Patches Issued for Microsoft Products, June 11, 2024 2 weeks ago | www.cisecurity.org
accounts attacker change code +14
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2 weeks ago | www.cisecurity.org
access arbitrary code arbitrary code execution browser +16
A Vulnerability in SolarWinds Serv-U Could Allow for Path Transversal 2 weeks, 4 days ago | www.cisecurity.org
can disclosure enterprise file +20
Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution 2 weeks, 4 days ago | www.cisecurity.org
account applications code code execution +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel
View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN
View on infosec-jobs.com