GitHub Authentication Bypass Opens Enterprise Server to Attackers

A critical security vulnerability in GitHub's Enterprise Server (CVE-2024-4985, CVSS 10) allows attackers to bypass authentication via the SAML single sign-on mechanism, potentially granting them administrative privileges. The bug affects versions prior to 3.13.0 with optional encrypted assertions. Microsoft issued emergency fixes in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
https://www.darkreading.com/vulnerabilities-threats/github-authentication-bypass-opens-enterprise-server-attackers
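
An added example, not from the article or from GitHub: a triage of an Enterprise Server inventory against the affected range and fixed releases stated above. The hostnames, the inventory layout, and the status names are assumptions made for illustration; whether SAML SSO and encrypted assertions are enabled is supplied by the operator.

```python
import re

# Facts taken from the article: fixed release per release line, and the
# first version outside the affected range.
FIXED_PATCH = {(3, 9): 15, (3, 10): 12, (3, 11): 10, (3, 12): 4}
FIRST_UNAFFECTED = (3, 13, 0)

def parse_version(text):
    """Turn 'X.Y.Z' (optional leading 'v') into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version, saml_sso, encrypted_assertions):
    """Return (status, minimum fixed version on the same line or None)."""
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED:
        return ("not_affected", None)
    patch = FIXED_PATCH.get(v[:2])
    if patch is not None and v[2] >= patch:
        return ("patched", None)
    # Lines older than 3.9 have no fixed release listed in the article.
    target = f"{v[0]}.{v[1]}.{patch}" if patch is not None else None
    # Unpatched build: exposure depends on the feature the article names.
    if saml_sso and encrypted_assertions:
        return ("exposed", target)
    return ("unpatched_feature_off", target)

# Constructed inventory: (hostname, version, SAML SSO on, encrypted assertions on)
SAMPLE_INVENTORY = [
    ("ghes-a.example.internal", "3.12.3", True, True),
    ("ghes-b.example.internal", "3.11.10", True, True),
    ("ghes-c.example.internal", "3.10.4", True, False),
    ("ghes-d.example.internal", "3.8.20", True, True),
    ("ghes-e.example.internal", "3.13.0", True, True),
]

def triage_inventory(rows):
    """Map hostname -> triage result for every row in the inventory."""
    return {host: triage(ver, saml, enc) for host, ver, saml, enc in rows}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE_INVENTORY).items():
        print(host, *result)
```

A result of `("exposed", None)` marks an unpatched instance on a release line for which the article lists no fixed version.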