"GitHub Warns of SAML Auth Bypass Flaw in Enterprise Server"

GitHub fixed a maximum-severity authentication bypass vulnerability that affects GitHub Enterprise Server (GHES) instances using SAML Single Sign-On (SSO) authentication. An attacker could forge a SAML response and gain administrator privileges, enabling unrestricted access to the instance's contents without authentication. GHES is a self-hosted alternative that caters to organizations that would rather store repositories in private cloud environments or on their own servers. This article continues to discuss the potential exploitation and impact of the authentication bypass vulnerability.

Bleeping Computer reports "GitHub Warns of SAML Auth Bypass Flaw in Enterprise Server"

Submitted by grigby1
