May 21, 2024 at 01:22PM GitHub has addressed a critical flaw (CVE-2024-4985) in GitHub Enterprise Server, allowing unauthorized access on instances using SAML SSO with encrypted assertions. The issue affects versions prior to 3.13.0 and has been fixed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. Organizations using vulnerable versions are advised to update for security. … Read more
May 21, 2024 at 11:07AM GitHub has patched a critical authentication bypass vulnerability (CVE-2024-4986) in GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO), allowing attackers to gain admin privileges and unrestricted access to instance contents. The flaw only affects instances using SAML SSO with encrypted assertions. The fixed versions, released on May 20, … Read more
January 17, 2024 at 08:30AM GitHub rotated credentials and addressed a vulnerability impacting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials within a production container but had minimal impact. GitHub resolved the flaw and released patches for GitHub Enterprise Server, also rotating the private GitHub GPG … Read more
January 16, 2024 at 05:23PM GitHub resolved vulnerabilities enabling attackers to access credentials in production containers by patching CVE-2024-0200. The update applies to GitHub Enterprise Server versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. While potential exploitation requires an organization owner role, GitHub rotated exposed credentials and urges swift security update installation. Additionally, a command injection vulnerability … Read more