GitHub Security Bulletin
-
GitHub Enterprise Server Exposed to Serious High-Risk Authentication Bypass Vulnerability
An authentication bypass vulnerability in GitHub Enterprise Server (GHES) when using SAML single sign-on with optional cryptographic assertions can be exploited by an attacker to spoof a SAML response to configure and gain site administrator privileges. This allows an attacker to gain unauthorized access to an instance without prior authentication.