Critical GitHub Enterprise Server Flaw Authentication Bypass

GitHub Enterprise Server (GHES) has patched a severe authentication bypass flaw (CVE-2024-4985). On instances that use SAML SSO with encrypted assertions, an attacker can forge a SAML response and gain unauthorized access without prior authentication. The flaw impacts versions prior to 3.13.0 and is addressed in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4; users are advised to update to secure their instances.
https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html
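
An added example (not from GitHub or the linked article) that triages an inventory of GHES instances against the fixed releases named above. The inventory format, hostnames, status labels and the `saml_encrypted_assertions` flag are assumptions made for illustration.

```python
import re

# Fixed patch release per series, as listed in the text above.
FIXED = {(3, 9): 15, (3, 10): 12, (3, 11): 10, (3, 12): 4}
FIRST_UNAFFECTED = (3, 13, 0)
RANK = {"exposed": 0, "vulnerable_build": 1, "patched": 2, "not_affected": 3}


def parse_version(text):
    """Parse 'X.Y.Z' into a tuple of ints; any trailing suffix is ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GHES version: {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version, saml_encrypted_assertions):
    """Return (status, upgrade_target) for one instance."""
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED:
        return "not_affected", None
    fixed_patch = FIXED.get(v[:2])
    if fixed_patch is not None and v[2] >= fixed_patch:
        return "patched", None
    # Series with no listed fix must move to a series that has one.
    target = ("%d.%d.%d" % (*v[:2], fixed_patch) if fixed_patch is not None
              else "a series with a fix")
    # The bypass needs SAML SSO with encrypted assertions; without it the
    # build still carries the flaw, so it is flagged at lower priority.
    status = "exposed" if saml_encrypted_assertions else "vulnerable_build"
    return status, target


def triage(inventory):
    """Sort (host, version, encrypted_assertions) rows, most urgent first."""
    rows = [(host, *assess(ver, enc)) for host, ver, enc in inventory]
    return sorted(rows, key=lambda r: (RANK[r[1]], r[0]))


# Constructed sample inventory; hostnames and settings are made up.
SAMPLE = [
    ("ghes-a.example.internal", "3.12.4", True),
    ("ghes-b.example.internal", "3.11.9", True),
    ("ghes-c.example.internal", "3.9.14", False),
    ("ghes-d.example.internal", "3.8.17", True),
    ("ghes-e.example.internal", "3.13.0", True),
]

if __name__ == "__main__":
    for host, status, target in triage(SAMPLE):
        print(f"{host:26} {status:17} upgrade to: {target or '-'}")
```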