Code hosting platform GitHub has released patches for a critical-severity vulnerability in Enterprise Server that could allow unauthenticated attackers to obtain administrative privileges.
Tracked as CVE-2024-4985 (CVSS score of 10/10), the authentication bypass issue impacts Enterprise Server instances that rely on SAML single sign-on (SSO) authentication and have the optional encrypted assertions feature enabled.
The Microsoft-owned platform explains that an attacker exploiting this bug “could forge a SAML response to provision and/or gain access to a user with administrator privileges.”
“Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0,” a NIST advisory reads.
According to GitHub, however, because encrypted assertions are not enabled by default, instances utilizing SAML SSO authentication without the feature are not impacted. Enterprise Server instances that do not use SAML SSO are not affected either.
The code-hosting platform has patched the vulnerability with the release of Enterprise Server versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4.
GitHub made no mention of the vulnerability being exploited in the wild but, considering the severity of CVE-2024-4985, users are advised to update their GitHub Enterprise Server to a patched release as soon as possible.
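Turning the affected and fixed versions above into an inventory triage check, as an added example that is not GitHub's own tooling; the host list at the bottom is constructed sample data, and the three exposure conditions (version, SAML SSO, encrypted assertions) follow the advisory as quoted in this article:

```python
"""Exposure triage for CVE-2024-4985 (added example, not GitHub code)."""

# Fixed releases named in the article, keyed by release line (major, minor).
FIXED_VERSIONS = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
# Per the NIST advisory, 3.13.0 and later were never affected.
FIRST_UNAFFECTED = (3, 13, 0)


def parse_version(text: str) -> tuple:
    """Turn a GHES version string such as '3.11.9' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    return tuple(int(p) for p in parts)


def version_is_fixed(version: str) -> bool:
    """True if this build is 3.13.0+ or at/after its release line's fix."""
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED:
        return True
    fixed = FIXED_VERSIONS.get(v[:2])
    # Release lines with no listed fix (e.g. 3.8.x) have no patched build.
    return fixed is not None and v >= fixed


def assess(version: str, saml_sso: bool, encrypted_assertions: bool) -> str:
    """Classify an instance as 'fixed', 'not-affected' or 'vulnerable'.

    Exposure requires an unfixed build AND SAML SSO AND encrypted assertions,
    which is the combination the advisory describes.
    """
    if version_is_fixed(version):
        return "fixed"
    if not (saml_sso and encrypted_assertions):
        return "not-affected"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory: hostname, version, SAML SSO, encrypted assertions.
    inventory = [
        ("ghe-a", "3.11.9", True, True),
        ("ghe-b", "3.12.4", True, True),
        ("ghe-c", "3.10.11", True, False),
    ]
    for host, ver, saml, enc in inventory:
        print(f"{host:8} {ver:8} {assess(ver, saml, enc)}")
```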
“GitHub’s security flaw, CVE-2024-4985, is critical, giving anyone who exploits the issue in a version released before 3.13.0 of the code full admin access to the GitHub Enterprise Server,” Hackuity VP Sylvain Cortes said in an emailed comment.
“The maximum severity rating of 10 out of 10 puts users of such versions at incredibly high risk of attacker network ‘break-ins’. GitHub has issued an urgent patch for a reason – users of their Enterprise Server software should prioritize implementing this, and any other critical vulnerability patches, before it’s too late,” Cortes added.
In early 2024, the code-hosting platform announced that it had rotated credentials after being alerted of a vulnerability in GitHub.com and GitHub Enterprise Server that allowed attackers to access credentials within a production container.