How severe is CVE-2024-4985?

This vulnerability has a severity rating of CRITICAL with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-4985?

This is classified as CWE-303, which is a common weakness in software security.

CVE-2024-4985 - CRITICAL Severity | CVSS N/A

Vulnerability Description

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.

Related Vulnerabilities

CVE-2022-20695

CRITICAL

CVSS:10.0(Critical)

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the ...

CWE-3032022

CVE-2018-4841

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device wi...

CWE-3032018

CVE-2021-32691

CRITICAL

CVSS:9.8(Critical)

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their ba...

CWE-3032021

CVE-2022-20923

CRITICAL

CVSS:9.8(Critical)

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authent...

CWE-3032022

CVE-2023-29129

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix...

CWE-3032023

CVE-2023-29357

CRITICAL

CVSS:9.8(Critical)

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CWE-3032023