Critical Authentication Bypass Resolved in GitHub Enterprise Server

May 22, 2024 at 09:03AM GitHub has released patches for a critical-severity vulnerability in Enterprise Server, impacting instances using SAML SSO authentication and encrypted assertions. The CVE-2024-4985 vulnerability allows unauthorized access to administrative privileges. GitHub advises updating to patched releases 3.9.15, 3.10.12, 3.11.10, or 3.12.4 to mitigate the risk. Users are urged to prioritize implementing … Read more

GitHub Rotates Credentials in Response to Vulnerability

January 17, 2024 at 08:30AM GitHub rotated credentials and addressed a vulnerability impacting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials within a production container but had minimal impact. GitHub resolved the flaw and released patches for GitHub Enterprise Server, also rotating the private GitHub GPG … Read more