A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack only if they use SAML single sign-on (SSO) authentication AND have the (optional) encrypted assertions feature enabled.

About CVE-2024-4985

GitHub Enterprise Server is a software development platform that organizations host either on-premises or on a …

The post GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) appeared first on Help Net Security.