GitHub Authentication Bypass Opens Enterprise Server To Attackers

A max-critical security vulnerability in GitHub’s Enterprise Server could allow attackers to bypass authentication and obtain administrative privileges.

The good news is that the bug (CVE-2024-4985, CVSS 10) only affects implementations that use the SAML single sign-on (SSO) authentication approach with the optional encrypted assertions feature enabled.

An attacker can exploit the issue by creating a fake SAML response to provision and/or gain access to a user with site administrator privileges, according to the bug advisory.

Versions of GitHub Enterprise Server prior to 3.13.0 are affected; the Microsoft-owned platform issued an emergency fix in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.

SEO Powered Content & PR Distribution. Get Amplified Today.
PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
Source: https://www.darkreading.com/vulnerabilities-threats/github-authentication-bypass-opens-enterprise-server-attackers

Generative Data Intelligence

GitHub Authentication Bypass Opens Enterprise Server to Attackers

Air Arabia resumes its flights from Sharjah, UAE, to Basra in Iraq

Cessna Citation Ascend test programme soars ahead as second flight test article successfully takes flight

Latest Intelligence

Celebrating 20 years and comparing mainstream EVs | Autoblog Podcast #836 – Autoblog

What’s the difference between Shamir, TSS, MPC, Multisig, and VSS in crypto custody?

Exploring Generative AI Responsibly with SAS – KDnuggets

Bitcoin is Exponential Gold: Top Fidelity Executive

Binance Founder CZ Owns An Astonishing 64% Of BNB Circulating Supply: Report

Coinbase Suspends Transactions For A Pair Of Cryptocurrencies: The Reasons Explained – CryptoInfoNet