A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass

Read Time:25 Second

A vulnerability has been discovered in GitHub Enterprise Server (GHES), which could allow for authentication bypass. GHES is a popular platform for software developers. Organizations can build and store software applications using Git version control and automate deployment pipelines. Successful exploitation of this vulnerability could allow for an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. An attacker could then view, change, or delete data; or create new accounts with full user rights.

Friday Squid Blogging: Anniversary Post

US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks

Atos Group Denies Space Bears’ Ransomware Attack Claims

ShredOS

Crypto Boss Extradited to Face $40bn Fraud Charges

DDoS Disrupts Japanese Mobile Giant Docomo

Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses

Apple Agrees $95M Settlement Over Siri Privacy Violations

US Confirms Russian GenAI Disinformation Op Targeted Election

A Vulnerability in GitHub Enterprise Server (GHES) Could Allow for Authentication Bypass

suricata-7.0.8-1.el8

suricata-7.0.8-1.fc40

suricata-7.0.8-1.el9

suricata-7.0.8-1.fc41

rabbitmq-server-4.0.5-2.fc42

ZDI-CAN-25727: Rockwell Automation