Authentication can be bypassed, GitHub enterprise servers exposed to full score vulnerability with PoC

Security researchers recently disclosed a critical vulnerability (CVE-2024-4985, CVSS score 10.0) in GitHub Enterprise Server (GHES) that allows an unauthenticated attacker to gain access to a GHES instance without prior authentication. GitHub has released a fix, and no large-scale exploitation has been observed so far; users should update GHES to a patched version (3.9.15, 3.10.12, 3.11.10, 3.12.4 or later). If an immediate update is not possible, temporarily disabling SAML authentication or the encrypted assertions feature can serve as a stop-gap mitigation.
Reference: https://cncso.com/critical-github-enterprise-server-flaw-allows-authentication-bypass.html
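As an added example (not part of the original notice), a small triage helper that classifies a GHES instance against the patched versions listed above. It assumes, per GitHub's own advisory, that the flaw is only reachable when SAML SSO is used together with the optional encrypted assertions feature; the sample versions and flags are constructed.

```python
"""Triage helper for CVE-2024-4985 on GitHub Enterprise Server (added example)."""
import re

# Minimum patched release on each supported branch, as listed in the notice above.
PATCHED = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' (an optional leading 'v' is tolerated)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> bool:
    """True if the version is at or above the fixed release for its branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in PATCHED:
        return (major, minor, patch) >= PATCHED[branch]
    # Branches newer than those listed ship with the fix ("or later");
    # older branches have no fix listed here and are treated as unpatched.
    return branch > max(PATCHED)


def triage(version: str, saml_enabled: bool, encrypted_assertions: bool) -> str:
    """Return the defender's next action for one instance.

    Assumption (from GitHub's advisory, not from the notice above): the bypass
    requires SAML SSO with encrypted assertions enabled.
    """
    if is_patched(version):
        return "patched"
    if not (saml_enabled and encrypted_assertions):
        return "update: unpatched but not currently reachable"
    return "urgent: update now or disable SAML encrypted assertions"


if __name__ == "__main__":
    # Constructed sample inventory of (version, saml_enabled, encrypted_assertions).
    for inst in [("3.11.9", True, True), ("3.12.4", True, True), ("3.10.5", True, False)]:
        print(inst[0], "->", triage(*inst))
```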

