The critical vulnerability rated 9.5 on the CVSS found in GitHub Enterprise Server could grant attackers unauthorized admin access, endangering an organization’s code repositories.
GitHub has released a fix for a critical vulnerability affecting GHES that utilizes SAML for authentication, allowing potential unauthorized access via a forged SAML response.
Organizations using vulnerable GHES versions 3.13.0 to 3.13.2 and others should update immediately to prevent potential exploitation, as attacks are likely already in progress.
The bug bounty program led to the identification of not only this critical flaw but also two medium-severity vulnerabilities that could impact how public repository issues are managed.
Collection
[
|
...
]