
GitHub has released a patch to address a critical authentication bypass issue in the GitHub Enterprise Server (GHES).
The vulnerability, tracked as CVE-2024-4985 with a CVSS score of 10, is an authentication bypass that affects GHES when SAML single sign-on is used with encrypted assertions. An attacker can exploit the issue to forge SAML responses, granting them site administrator privileges without prior authentication.
GHES is a self-hosted version of GitHub designed for use within organizations. It has the capabilities of GitHub, including source code management, version control, collaboration tools, and continuous integration and delivery (CI/CD), but lets organizations host the platform on their own infrastructure.
GitHub says that encrypted assertions are not enabled by default and that the vulnerability only affects instances that use SAML single sign-on (SSO) with the optional encrypted assertions feature enabled. Encrypted assertions are a security measure that encrypts the assertions the SAML identity provider sends to GHES during SAML SSO.
The vulnerability affected all GHES versions before 3.13.0 and was addressed with the release of versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. The issue was reported through the GitHub Bug Bounty program.
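As an added example (not from the article and not GitHub's own tooling), the following Python helper applies the version boundaries stated above to an installed GHES version string and the instance's SAML settings, so an operator can tell a patched instance from an unpatched one and an unpatched one from an actually exposed one. The version string and the two boolean flags are assumed inputs supplied by the operator.

```python
import re

# Fixed releases named in the advisory, keyed by release line (major, minor).
# Added example: constants taken from the article text, not from GitHub code.
FIXED_VERSIONS = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
# Every release from 3.13.0 onward is outside the affected range.
FIRST_UNAFFECTED = (3, 13, 0)


def parse_version(text):
    """Parse 'X.Y.Z' (an optional leading 'v' is tolerated) into an int tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def unpatched(version):
    """True when the installed build still carries the CVE-2024-4985 code path.

    3.13.0+ is unaffected; 3.9 to 3.12 are fixed at or above the listed point
    release; older lines (3.8 and earlier) received no fix and count as unpatched.
    """
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED:
        return False
    fixed = FIXED_VERSIONS.get(v[:2])
    return fixed is None or v < fixed


def exposed(version, saml_sso_enabled, encrypted_assertions_enabled):
    """True only when the build is unpatched AND the vulnerable feature is in use.

    The bypass needs SAML SSO with encrypted assertions, which is off by default,
    so an unpatched instance without that configuration is not reachable via this bug.
    """
    return unpatched(version) and saml_sso_enabled and encrypted_assertions_enabled


if __name__ == "__main__":
    # Constructed sample inputs; an operator would substitute the real values.
    for ver in ("3.12.3", "3.12.4", "3.8.20", "3.13.0"):
        print(ver, "unpatched" if unpatched(ver) else "patched",
              "exposed" if exposed(ver, True, True) else "not exposed")
```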

