SecurityWeek

Identity & Access

Critical Authentication Flaw Haunts GitHub Enterprise Server

GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.

GitHub has released an urgent fix for a trio of security defects in the GitHub Enterprise Server product and warned that hackers can exploit one of the flaws to gain site administrator privileges.

The most severe issue is tracked as CVE-2024-6800 and covers a vulnerability that allows an attacker to manipulate SAML SSO authentication to provision and/or gain access to a user account with site administrator privileges.

The vulnerability carries a CVSS severity score of 9.5/10 and is described as an XML signature wrapping bug in GitHub Enterprise Server (GHES) when utilizing SAML authentication with specific identity providers.

“This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication,” according to the advisory. 
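The XML signature wrapping class behind CVE-2024-6800 comes down to a service provider verifying that a valid signature exists somewhere in the SAML response while consuming an assertion that signature never covered. The following is an added example, written here as an illustration and not GitHub's code nor a description of how GHES implements SAML: it shows the structural checks a SAML service provider should make, using only Python's standard library, run against two constructed responses. The element IDs, issuer URL, NameIDs and the placeholder signature value are all made up, and the cryptographic verification of ds:SignatureValue is assumed to be performed separately by an XML-DSig library before the NameID is trusted.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 responses and XML-DSig.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def naive_name_id(response_xml):
    """Bug-class illustration: trusts the first NameID found anywhere in the
    document, with no link between the signed element and the consumed one."""
    root = ET.fromstring(response_xml)
    return root.find(".//saml:NameID", NS).text


def trusted_name_id(response_xml):
    """Return the NameID of the single assertion whose own enveloped signature
    references it, or raise ValueError.  These are structural checks only; the
    cryptographic check of ds:SignatureValue is assumed to be done by an
    XML-DSig library and must also pass before the NameID is used."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")

    # 1. Exactly one Assertion as a direct child of the Response.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one top-level saml:Assertion")
    assertion = assertions[0]

    # 2. The assertion carries its own enveloped signature with one Reference
    #    that is a same-document ID reference ("#someId").
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        raise ValueError("assertion is not signed")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise ValueError("expected exactly one ds:Reference")
    uri = refs[0].get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("Reference URI must be a same-document ID reference")

    # 3. The referenced ID must be unique in the document and must belong to
    #    the very element we are about to consume.  This is the check that
    #    signature wrapping relies on being absent.
    holders = [e for e in root.iter() if e.get("ID") == uri[1:]]
    if len(holders) != 1 or holders[0] is not assertion:
        raise ValueError("signature does not cover the assertion being consumed")

    # 4. Defence in depth: no Assertion hidden anywhere else in the document
    #    (samlp:Extensions, ds:Object, and so on).
    if len(list(root.iter("{%s}Assertion" % NS["saml"]))) != 1:
        raise ValueError("extra saml:Assertion elements present")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("assertion has no NameID")
    return name_id.text


def is_accepted(response_xml):
    """True if trusted_name_id() accepts the response, False if it rejects it."""
    try:
        trusted_name_id(response_xml)
        return True
    except ValueError:
        return False


# Constructed sample: a legitimately signed assertion for user "alice".
# The SignatureValue is a placeholder; real verification happens elsewhere.
SIGNED_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">'
    '<saml:Issuer>https://idp.example</saml:Issuer>'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '<ds:SignatureValue>BASE64-PLACEHOLDER</ds:SignatureValue>'
    '</ds:Signature>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)

GOOD_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    + SIGNED_ASSERTION + '</samlp:Response>'
)

# Constructed sample of the wrapping pattern: the genuinely signed assertion is
# moved under samlp:Extensions, and an unsigned assertion for "admin" is placed
# at the top level with a copied ds:Signature that still references "#_a1".
WRAPPED_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<saml:Assertion ID="_a2">'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '<ds:SignatureValue>BASE64-PLACEHOLDER</ds:SignatureValue></ds:Signature>'
    '<saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
    '<samlp:Extensions>' + SIGNED_ASSERTION + '</samlp:Extensions>'
    '</samlp:Response>'
)

if __name__ == "__main__":
    print("good   -> trusted:", trusted_name_id(GOOD_RESPONSE))
    print("wrapped -> naive :", naive_name_id(WRAPPED_RESPONSE))
    print("wrapped -> trusted accepted?", is_accepted(WRAPPED_RESPONSE))
```

The naive function returns "admin" for the wrapped response because it never ties the signed element to the element it consumes; trusted_name_id rejects it at check 3, since the only element carrying ID "_a1" is not the top-level assertion. Libraries that select the signed subtree by the Reference URI and hand back only that subtree avoid the problem by construction, which is the behaviour to confirm when reviewing a SAML integration.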

GitHub said the vulnerability, reported privately via its bug bounty program, affects all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. 

The company also documented a pair of medium-severity flaws: one allows an attacker to update the title, assignees, and labels of any issue inside a public repository; the other discloses the contents of issues in a private repository to a GitHub App holding only "contents: read" and "pull requests: write" permissions. 

GitHub Enterprise Server is the self-hosted version of GitHub Enterprise. It is installed on-premises or in a private cloud and provides the features of the cloud-based version of GitHub, including pull requests, code reviews, and project management tools.

Related: Critical Authentication Bypass Resolved in GitHub Enterprise Server

Related: GitHub Enterprise Server Gets New Security Capabilities

Related: Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000

Related: Hackers Earn Big Bounties for GitHub Enterprise Flaw

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
