May 23, 2024, 10:13 a.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack only if they use SAML single sign-on (SSO) authentication AND have the (optional) encrypted assertions feature enabled.

About CVE-2024-4985

GitHub Enterprise Server is a software development platform that organizations host either on-premises or on a …

