GitHub Security Bulletin

intelligence gathering

GitHub Enterprise Server Exposed to Serious High-Risk Authentication Bypass Vulnerability

An authentication bypass vulnerability in GitHub Enterprise Server (GHES) when using SAML single sign-on with optional cryptographic assertions can be exploited by an attacker to spoof a SAML response to configure and gain site administrator privileges. This allows an attacker to gain unauthorized access to an instance without prior authentication.

chief security officer
May 22, 2024
01.3K02