GitHub has released security updates to address a critical vulnerability (CVE-2024-6800) affecting GitHub Enterprise Server (GHES).
By forging a Security Assertion Markup Language (SAML) response, an unauthenticated attacker could gain access to a user account with site administrator privileges, bypassing authentication requirements and gaining unrestricted access to the instance's contents.
This vulnerability affects all versions of GitHub Enterprise Server prior to 3.14 except versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16 inclusive.
Users and administrators of affected versions are advised to update to the latest version immediately.
More information is available here: