GitHub warns of SAML auth bypass flaw in Enterprise Server
May 21, 2024 at 11:07AM

GitHub has patched a critical authentication bypass vulnerability (CVE-2024-4986) in GitHub Enterprise Server (GHES) that allows attackers to gain admin privileges and unrestricted access to the contents of instances using SAML single sign-on (SSO). The flaw only affects instances using SAML SSO with encrypted assertions. The fixed versions, released on May 20, …