
GitHub has released security updates to address two vulnerabilities in GitHub Enterprise Server, one of which could allow attackers to bypass authentication and gain unauthorized access.
The critical vulnerability, tracked as CVE-2024-9487 with a CVSS score of 9.5, resides in the platform's SAML SSO authentication mechanism. GitHub classifies it as an improper verification of cryptographic signature (CWE-347): under the conditions listed below, a crafted SAML response could pass the server's signature check, bypassing SAML SSO authentication and resulting in unauthorized provisioning of users and access to the instance. GitHub notes that the flaw was a regression introduced by the fix for CVE-2024-4985, an earlier SAML SSO authentication bypass in GitHub Enterprise Server patched in May 2024.
Exploitation requires all of the following conditions to hold:
- The "encrypted assertions" feature, an optional SAML setting that is not enabled by default, must be turned on for the GitHub Enterprise Server instance.
- The attacker needs direct network access to the server.
- The attacker must possess a signed SAML response or metadata document.
These prerequisites narrow the set of exposed instances, but for any organization that has enabled SAML SSO with encrypted assertions the outcome is an authentication bypass, so those installations should be updated immediately.
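The advisory names the weakness class but not its root cause, so the following is an added illustration of that class (improper verification of a cryptographic signature in a SAML service provider), not GitHub Enterprise Server code and not the specific flaw. It shows the generic mistake, verifying that some signature in the document is valid and then trusting an Assertion the signature does not cover, beside the check that prevents it. Real XMLDSig (RSA, C14N transforms, xmlsec) is replaced by an HMAC over the canonicalised Assertion with its ds:Signature removed, an assumption made so the example runs offline; decryption of an EncryptedAssertion is omitted, and the check applies to the decrypted element. The key, IDs and accounts are constructed.

```python
"""Signature-coverage check for a SAML Response at the service provider.
Added illustration, not GHES code. XMLDSig is replaced by an HMAC over the
canonicalised Assertion (with its ds:Signature removed); the binding rule
being demonstrated is the same: the signature must cover the Assertion
that is actually consumed."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _p, _u in NS.items():
    ET.register_namespace(_p, _u)

IDP_KEY = b"constructed-demo-key"  # stand-in for the IdP signing key (constructed)
ASSERTION = f"{{{NS['saml']}}}Assertion"

def _digest_without_signature(assertion: ET.Element) -> bytes:
    # Enveloped-signature semantics: digest the assertion with its own
    # ds:Signature removed, after canonicalisation.
    clone = copy.deepcopy(assertion)
    for sig in clone.findall("ds:Signature", NS):
        clone.remove(sig)
    c14n = ET.canonicalize(ET.tostring(clone, encoding="unicode"))
    return hmac.new(IDP_KEY, c14n.encode(), hashlib.sha256).hexdigest().encode()

def sign_assertion(assertion: ET.Element) -> None:
    # IdP side (constructed): enveloped signature whose Reference names the
    # assertion's own ID, as a real <ds:Reference URI="#id"> would.
    digest = _digest_without_signature(assertion)
    sig = ET.SubElement(assertion, f"{{{NS['ds']}}}Signature")
    info = ET.SubElement(sig, f"{{{NS['ds']}}}SignedInfo")
    ET.SubElement(info, f"{{{NS['ds']}}}Reference", URI="#" + assertion.get("ID"))
    ET.SubElement(sig, f"{{{NS['ds']}}}SignatureValue").text = digest.decode()

def _signature_covers(assertion: ET.Element, sig: ET.Element) -> bool:
    # True only if the Reference points at this assertion's ID and the value
    # matches the assertion's current content.
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    value = sig.findtext("ds:SignatureValue", namespaces=NS)
    if ref is None or value is None or ref.get("URI") != "#" + (assertion.get("ID") or ""):
        return False
    return hmac.compare_digest(value.encode(), _digest_without_signature(assertion))

def _name_id(assertion: ET.Element) -> str:
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("Assertion has no NameID")
    return name_id

def consume_naive(response_xml: str) -> str:
    """Vulnerable pattern: require that *some* Assertion carries a valid
    signature, then act on the *first* Assertion in the document."""
    root = ET.fromstring(response_xml)
    assertions = list(root.iter(ASSERTION))
    if not any(_signature_covers(a, s) for a in assertions
               for s in a.findall("ds:Signature", NS)):
        raise ValueError("no valid signature in Response")
    return _name_id(assertions[0])

def consume_hardened(response_xml: str) -> str:
    """Hardened pattern: exactly one Assertion anywhere in the tree, with
    exactly one signature that references that Assertion and verifies."""
    root = ET.fromstring(response_xml)
    assertions = list(root.iter(ASSERTION))  # recursive, so wrapped copies count
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    a = assertions[0]
    sigs = a.findall("ds:Signature", NS)
    if len(sigs) != 1 or not _signature_covers(a, sigs[0]):
        raise ValueError("Assertion is not covered by a valid signature")
    return _name_id(a)

def build_response(name_id: str, assertion_id: str = "_a1") -> ET.Element:
    # Constructed genuine Response with one signed Assertion.
    resp = ET.Element(f"{{{NS['samlp']}}}Response", ID="_r1")
    a = ET.SubElement(resp, ASSERTION, ID=assertion_id)
    ET.SubElement(ET.SubElement(a, f"{{{NS['saml']}}}Subject"),
                  f"{{{NS['saml']}}}NameID").text = name_id
    sign_assertion(a)
    return resp

def genuine_response_xml(name_id: str) -> str:
    return ET.tostring(build_response(name_id), encoding="unicode")

def wrap_with_forged_assertion(response: ET.Element, name_id: str) -> str:
    # Attacker step (constructed): keep the genuine signed Assertion intact
    # and prepend an unsigned one naming a different account.
    forged = ET.Element(ASSERTION, ID="_forged")
    ET.SubElement(ET.SubElement(forged, f"{{{NS['saml']}}}Subject"),
                  f"{{{NS['saml']}}}NameID").text = name_id
    tampered = copy.deepcopy(response)
    tampered.insert(0, forged)
    return ET.tostring(tampered, encoding="unicode")
```

Run against a genuine Response both consumers return the signed NameID; against the wrapped Response the naive consumer logs in the forged account while the hardened one refuses, and editing the signed NameID in place fails both, because the HMAC no longer matches. A production SP should additionally pin the signing certificate from IdP metadata and reject Assertions whose Conditions, Audience or NotOnOrAfter do not match the request.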
Affected Versions
The versions affected by this vulnerability include:
- GitHub Enterprise Server versions from 3.11.0 to 3.11.15
- GitHub Enterprise Server versions from 3.12.0 to 3.12.9
- GitHub Enterprise Server versions from 3.13.0 to 3.13.4
- GitHub Enterprise Server versions from 3.14.0 to 3.14.1
Both vulnerabilities are patched in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. Administrators running a version inside one of the ranges above should upgrade to the first fixed release on the same minor line, or to any later release, as soon as possible.
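As an added helper (not a GitHub tool), the following classifies a GitHub Enterprise Server version against the affected and fixed releases listed above and combines the result with the encrypted-assertions precondition. The version strings in the `__main__` block are constructed; the `installed_version` field is what a GHES instance reports from its `/api/v3/meta` endpoint, and minor lines the advisory does not list are reported as unknown rather than safe.

```python
"""Classify a GHES version against the CVE-2024-9487 advisory ranges.
Added example, not GitHub tooling; ranges are copied from the advisory."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# minor line -> (first affected, last affected, first fixed)
AFFECTED: Dict[Tuple[int, int], Tuple[Version, Version, Version]] = {
    (3, 11): ((3, 11, 0), (3, 11, 15), (3, 11, 16)),
    (3, 12): ((3, 12, 0), (3, 12, 9), (3, 12, 10)),
    (3, 13): ((3, 13, 0), (3, 13, 4), (3, 13, 5)),
    (3, 14): ((3, 14, 0), (3, 14, 1), (3, 14, 2)),
}

def parse_version(text: str) -> Version:
    """Accept '3.13.4', 'v3.13.4' or '3.13.4-rc1'; ignore any build suffix."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)

def assess(version: str, encrypted_assertions: Optional[bool] = None) -> dict:
    """Return whether the version is in an affected range, which release fixes
    it, and, if the SAML setting is known, whether the stated exploitation
    precondition is met. 'affected' is None for minor lines the advisory does
    not list, so a caller does not mistake 'unlisted' for 'safe'."""
    v = parse_version(version)
    entry = AFFECTED.get((v[0], v[1]))
    if entry is None:
        return {"version": v, "affected": None, "fixed_in": None, "exposed": None}
    lo, hi, fixed = entry
    affected = lo <= v <= hi
    exposed = None if encrypted_assertions is None else (affected and encrypted_assertions)
    return {
        "version": v,
        "affected": affected,
        "fixed_in": fixed if affected else None,
        "exposed": exposed,
    }

def assess_from_meta(meta: dict, encrypted_assertions: Optional[bool] = None) -> dict:
    """Wrapper for the JSON body of GET /api/v3/meta on a GHES instance,
    which reports the running release as 'installed_version'."""
    return assess(meta["installed_version"], encrypted_assertions)

if __name__ == "__main__":
    # constructed sample versions
    for ver in ("3.13.4", "3.13.5", "v3.14.1", "3.10.3"):
        print(ver, assess(ver, encrypted_assertions=True))
```

An `exposed` value of `True` means the instance is both on an affected release and has the encrypted-assertions setting that the advisory lists as a precondition; `affected` alone already warrants the upgrade, since the setting can be switched on later.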


