Security News > 2024 > October > GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
2024-10-16 05:06

GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0 "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing


News URL

https://thehackernews.com/2024/10/github-patches-critical-flaw-in.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-9487 Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance.
network
low complexity
github CWE-347
critical
 9.1
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 2 45 29 19 95