GitHub Enterprise Server vulnerability enables unauthorized access to administrator privileges

The corrective updates GitHub Enterprise Server 3.12.4, 3.11.10, 3.10.12 and 3.9.15, the self-hosted edition of the GitHub collaborative development platform intended for deployment on an organization's own infrastructure, fix a vulnerability (CVE-2024-4985) that allows an attacker to gain administrator-level access without authentication. The issue only affects configurations that use SAML single sign-on with encryption of the messages from the identity provider enabled (“encrypted assertions”). This mode is disabled by default and is offered as an optional security hardening feature, activated via “Settings / Authentication / Require encrypted assertions”.

The vulnerability has been assigned the maximum critical severity level (10 out of 10). No account is required to carry out an attack. Details of the exploitation are not provided; it is only mentioned that the attack is carried out by forging a SAML response. Information about the vulnerability was obtained from a participant of the GitHub Bug Bounty program, which pays rewards for reporting security problems.
