GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
2024-10-16 05:06
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing
News URL
https://thehackernews.com/2024/10/github-patches-critical-flaw-in.html
Related news
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-10 | CVE-2024-9487 | Improper Verification of Cryptographic Signature vulnerability in GitHub Enterprise Server. An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed, resulting in unauthorized provisioning of users and access to the instance. | 9.1 |