Security News > 2024 > May > Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
2024-05-21 16:16
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. "On instances that use SAML single sign-on (SSO) authentication with the
News URL
https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html
Related news
- GitHub warns of SAML auth bypass flaw in Enterprise Server (source)
- Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (source)
- GitHub Enterprise Server patches 10-outta-10 critical hole (source)
- GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (source)
- Veeam warns of critical Backup Enterprise Manager auth bypass bug (source)
- Authelia: Open-source authentication and authorization server (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-20 | CVE-2024-4985 | An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. | 0.0 |