GitHub warns of SAML auth bypass flaw in Enterprise Server

May 21, 2024 at 11:07AM GitHub has patched a critical authentication bypass vulnerability (CVE-2024-4986) in GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO), allowing attackers to gain admin privileges and unrestricted access to instance contents. The flaw only affects instances using SAML SSO with encrypted assertions. The fixed versions, released on May 20, …

Leaked GitHub Token Exposed Mercedes Source Code

January 31, 2024 at 12:36PM An employee’s leaked GitHub token at Mercedes-Benz allowed unrestricted access to source code on the carmaker’s GitHub Enterprise server. The breach, discovered in January 2024, could have led to extensive exposure of critical information. RedHunt Labs warns of potential financial and reputational damage. GitHub and other firms have also faced …