cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9487,https://securityvulnerability.io/vulnerability/CVE-2024-9487,Unauthorized Provisioning of Users and Access via SAML SSO Authentication Vulnerability,"A vulnerability was detected that allowed improper verification of cryptographic signatures within GitHub Enterprise Server. This caused potential bypass of SAML SSO authentication, enabling unauthorized provisioning of users and unwarranted access to the instance. The exploitation of this vulnerability required the attacker to have direct network access, coupled with a signed SAML response or metadata document. It is critical to note that this issue affects all versions prior to 3.15 and has been addressed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2.",Github,Enterprise Server,9.1,CRITICAL,0.008320000022649765,false,,false,false,false,,,true,false,,2024-10-10T22:15:00.000Z,4657
CVE-2024-4985,https://securityvulnerability.io/vulnerability/CVE-2024-4985,Authentication Bypass Vulnerability in GitHub Enterprise Server via SAML Single Sign-On,"An authentication bypass vulnerability exists in GitHub Enterprise Server when using SAML single sign-on with the optional encrypted assertions feature. This allows an attacker to forge a SAML response, gaining access to sensitive user privileges, including site administrator rights. Exploiting this vulnerability enables unauthorized entry into the server instance without prior authentication. All versions of GitHub Enterprise Server up to 3.13.0 are affected, with remediation available in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4 as detailed in the GitHub Bug Bounty program reports.",GitHub,,,,0.00044999999227002263,false,,true,true,true,2024-05-22T16:30:31.000Z,,true,false,,2024-05-20T22:15:00.000Z,9232