An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.
History

Wed, 27 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_P

Published:

Updated: 2024-08-01T20:55:10.505Z

Reserved: 2024-05-16T03:36:45.225Z

Link: CVE-2024-4985

cve-icon Vulnrichment

Updated: 2024-08-01T20:55:10.505Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-20T22:15:08.727

Modified: 2025-08-27T20:53:04.547

Link: CVE-2024-4985

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:31:50Z