GitHub Patches Critical Vulnerability in Enterprise Server

October 15, 2024 at 01:31PM A critical vulnerability in GitHub Enterprise Server could allow unauthorized access to affected instances. GitHub has released a patch to address this severe flaw, ensuring better security for users. **Meeting Takeaways:** 1. **Critical Vulnerability Identified**: A severe flaw has been discovered in GitHub Enterprise Server that poses a significant risk, …

Critical Authentication Bypass Resolved in GitHub Enterprise Server

May 22, 2024 at 09:03AM GitHub has released patches for a critical-severity vulnerability in Enterprise Server, impacting instances using SAML SSO authentication and encrypted assertions. The CVE-2024-4985 vulnerability allows unauthorized access to administrative privileges. GitHub advises updating to patched releases 3.9.15, 3.10.12, 3.11.10, or 3.12.4 to mitigate the risk. Users are urged to prioritize implementing …

GitHub Enterprise Server patches 10-outta-10 critical hole

May 22, 2024 at 03:35AM GitHub patched a critical security flaw in its Enterprise Server software with the release of version p3.13.0, impacting instances using SAML SSO authentication. The bug, CVE-2024-4985, allows attackers to gain admin privileges when encrypted assertions are enabled. Microsoft-owned GitHub learned about the flaw through its bug bounty program, rewarding the …