GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
16 October 2024
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
"An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing