GitHub Patches Critical Vulnerability in Enterprise Server

Share This Post

Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

According to the Microsoft-owned platform, the newly resolved flaw is a variant of the initial vulnerability, also leading to authentication bypass.

“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server,” GitHub notes in an advisory.

The code hosting platform points out that encrypted assertions are not enabled by default and that Enterprise Server instances not configured with SAML SSO, or which rely on SAML SSO authentication without encrypted assertions, are not vulnerable.

“Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document,” GitHub notes.

The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files.

To successfully exploit the issue, which is tracked as CVE-2024-9539, an attacker would need to convince a user to click on an uploaded asset URL, allowing them to retrieve metadata information of the user and “further exploit it to create a convincing phishing page”.

Advertisement. Scroll to continue reading.

GitHub says that both vulnerabilities were reported via its bug bounty program and makes no mention of any of them being exploited in the wild.

GitHub Enterprise Server version 3.14.2 also fixes a sensitive data exposure issue in HTML forms in the management console by removing the ‘Copy Storage Setting from Actions’ functionality.

Related: GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities

Related: GitHub Makes Copilot Autofix Generally Available

Related: Court Data Exposed by Vulnerabilities in Software Used by US Government: Researcher

Related: Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .