Security News > 2024 > May > Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
2024-05-21 16:16
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. "On instances that use SAML single sign-on (SSO) authentication with the
News URL
https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html
Related news
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-20 | CVE-2024-4985 | An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. | 0.0 |