GitHub Fixes Critical Authentication Bypass in GitHub Enterprise Server

GitHub has released patches for a critical vulnerability in GitHub Enterprise Server (GHES). The issue, tracked as CVE-2024-4985 and rated the maximum 10.0 on the CVSS scale, allowed attackers to bypass authentication on instances that use SAML single sign-on (SSO).

As a reminder, GHES is a self-hosted version of GitHub designed for organizations that prefer to store repositories on their own servers or in private cloud environments.

The vulnerability allowed an unauthenticated attacker to forge a SAML response and obtain, or provision, a user account with site administrator privileges, giving unrestricted access to the instance without ever authenticating against the identity provider.

The flaw was reported through GitHub's bug bounty program. It affects only instances that use Security Assertion Markup Language (SAML) SSO together with the optional encrypted assertions feature, in which the identity provider encrypts the SAML assertion so that its contents cannot be read if the response is intercepted or relayed by a man-in-the-middle. Note that encryption provides confidentiality, not authenticity: whether a forged response is accepted still depends entirely on the service provider correctly validating the signature over it, and that is the check a forged-response bypass defeats.

Because encrypted assertions are off by default in GHES, CVE-2024-4985 affects only instances whose administrators have explicitly enabled the feature. Administrators can confirm the setting in the Management Console under the SAML authentication options, where encrypted assertions are enabled via the "Require encrypted assertions" checkbox; instances using built-in, LDAP, CAS or plain (unencrypted) SAML authentication are not affected by this issue, although they should still update.

“On instances using SAML SSO authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to grant or gain access to a user with administrative privileges,” GitHub developers warned.

The vulnerability is fixed in GHES versions 3.12.4, 3.11.10, 3.10.12 and 3.9.15, released on May 20, 2024. Fixes are provided only for those supported release branches; instances on older branches must move to a supported branch to receive the fix. Organizations running vulnerable versions of GHES, particularly those with SAML encrypted assertions enabled, are advised to update as soon as possible.
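A small triage helper for the advisory above, written here as an added example and not code from GitHub or this article. It takes the body of a GHES `GET /api/v3/meta` response (GHES includes an `installed_version` field there; the sample body below is constructed), compares the version against the fixed release for its branch, and combines that with the operator's own answer to "is 'Require encrypted assertions' turned on?", which the page gives no programmatic way to read. The status strings and function names are this example's own.

```python
"""Triage a GHES instance against CVE-2024-4985 (added example, not GitHub code)."""
import json
import re
from typing import Optional

# Fixed releases per supported branch, as listed in the advisory.
FIXED_RELEASES = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}

# Constructed sample of a GHES /api/v3/meta body; only installed_version matters here.
SAMPLE_META = json.dumps({
    "verifiable_password_authentication": False,
    "installed_version": "3.11.9",
})

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> tuple:
    """Turn '3.11.9' (optionally with a suffix) into (3, 11, 9)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def patch_status(version: str) -> str:
    """'patched', 'vulnerable', or 'not_covered' (branch absent from the advisory).

    Branches older than 3.9 were not given fixes and newer branches were not
    listed, so both are reported as not_covered rather than guessed at.
    """
    major, minor, patch = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return "not_covered"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


def installed_version_from_meta(meta_body: str) -> str:
    """Extract installed_version from a /api/v3/meta response body."""
    data = json.loads(meta_body)
    version = data.get("installed_version")
    if not isinstance(version, str):
        raise ValueError("no installed_version field: not a GHES /meta response")
    return version


def triage(meta_body: str, encrypted_assertions_enabled: bool) -> str:
    """Combine release status with the encrypted-assertions setting.

    'exposed'                        vulnerable release AND the feature is on
    'vulnerable_release_feature_off' vulnerable release, feature off (update anyway)
    'patched' / 'not_covered'        passed through from patch_status
    """
    status = patch_status(installed_version_from_meta(meta_body))
    if status == "vulnerable":
        return "exposed" if encrypted_assertions_enabled else "vulnerable_release_feature_off"
    return status


if __name__ == "__main__":
    # Operator supplies the feature flag after checking the Management Console.
    print(triage(SAMPLE_META, encrypted_assertions_enabled=True))
```

In practice the `meta_body` argument is the response of `curl https://HOSTNAME/api/v3/meta` against your own instance; the comparison is done per branch because 3.10.12 is patched while 3.11.9 is not, so a plain "newest version wins" check would get it wrong.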