GitHub recently addressed a critical authentication bypass vulnerability in its GitHub Enterprise Server (GHES) platform.

Description

The vulnerability, identified as CVE-2024-4985 with a CVSS score of 10, affected instances using SAML single sign-on (SSO) authentication with encrypted assertions [2] [3]. This flaw allowed attackers to forge SAML responses and obtain administrative privileges without authenticating. The issue was present in all GHES versions prior to 3.13.0, with fixes available in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4 [1] [5]. Instances using other authentication methods, or SAML SSO without encrypted assertions, were not affected. GitHub Enterprise Server caters to organizations needing self-hosted repositories, offering enhanced control, offline access and increased security for sensitive data [4].
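As an added triage aid (not code from the article or from GitHub), the following script checks a GHES version against the fixed releases named above and combines that with the two configuration conditions that made an instance exposed; the sample version strings are constructed.

```python
"""Triage helper for CVE-2024-4985 (GHES SAML encrypted-assertion auth bypass).

Added example, not GitHub's code. The fixed releases below are the ones the
article lists; everything before 3.13.0 without a patched counterpart on its
branch is treated as vulnerable.
"""
from typing import Tuple

# Patched release per supported branch, keyed by (major, minor).
FIXED_RELEASES = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
FIRST_UNAFFECTED = (3, 13, 0)  # 3.13.0 and later never shipped the bug


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '3.11.9' or 'v3.11.9' into a comparable tuple; reject anything else."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def version_is_vulnerable(text: str) -> bool:
    """True when the release predates the fix for its branch (or has no fix at all)."""
    v = parse_version(text)
    if v >= FIRST_UNAFFECTED:
        return False
    fixed = FIXED_RELEASES.get(v[:2])
    # Branches older than 3.9 never received a patch: unpatched by definition.
    return fixed is None or v < fixed


def assess(version: str, saml_sso: bool, encrypted_assertions: bool) -> str:
    """Combine build state and SAML configuration into a triage verdict."""
    if not version_is_vulnerable(version):
        return "not affected: patched or unaffected release"
    if not (saml_sso and encrypted_assertions):
        return "vulnerable build, not exposed: encrypted assertions not in use; patch anyway"
    return "EXPOSED: upgrade to the fixed release for this branch immediately"


if __name__ == "__main__":
    # Constructed inputs for a quick run.
    print(assess("3.11.9", saml_sso=True, encrypted_assertions=True))
    print(assess("3.12.4", saml_sso=True, encrypted_assertions=True))
```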

Conclusion

GitHub's swift response to this critical vulnerability highlights the importance of applying security updates and patches promptly. Organizations using GHES are advised to update to the fixed versions for their branch to mitigate the risk of unauthorized administrative access and protect their confidential information. This incident serves as a reminder of the ongoing need for robust security measures around authentication infrastructure.

References

[1] https://securityaffairs.com/163515/hacking/github-enterprise-server-cve-2024-4985.html
[2] https://heimdalsecurity.com/blog/critical-github-saml-auth-bypass-vulnerability/
[3] https://www.scmagazine.com/brief/github-addresses-maximum-severity-enterprise-server-vulnerability
[4] https://www.blackhatethicalhacking.com/news/critical-saml-exploit-in-github-enterprise-server-fixed-with-urgent-update/
[5] https://www.darkreading.com/vulnerabilities-threats/github-authentication-bypass-opens-enterprise-server-attackers