🔗 Security Engineering Blog

Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server

2024-05-22 11:31:06 UTC

A critical authentication bypass vulnerability has been discovered in GitHub Enterprise Server. Tracked as CVE-2024-4985 and rated with a maximum severity score of 10.0, it affects instances of GitHub Enterprise Server that use SAML single sign-on authentication. Threat actors could exploit the vulnerability to spoof a SAML response and gain unauthorized access. GitHub has since released a fix. For more information, visit the Heimdal Security Blog.
