Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

GitHub Patches Critical Vulnerability in Enterprise Server

A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances.

Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

According to the Microsoft-owned platform, the newly resolved flaw is a variant of the initial vulnerability, also leading to authentication bypass.

“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server,” GitHub notes in an advisory.

The code hosting platform points out that encrypted assertions are not enabled by default and that Enterprise Server instances not configured with SAML SSO, or which rely on SAML SSO authentication without encrypted assertions, are not vulnerable.

“Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document,” GitHub notes.

The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files.

To successfully exploit the issue, which is tracked as CVE-2024-9539, an attacker would need to convince a user to click on an uploaded asset URL, allowing them to retrieve metadata information of the user and “further exploit it to create a convincing phishing page”.

Advertisement. Scroll to continue reading.

GitHub says that both vulnerabilities were reported via its bug bounty program and makes no mention of any of them being exploited in the wild.

GitHub Enterprise Server version 3.14.2 also fixes a sensitive data exposure issue in HTML forms in the management console by removing the ‘Copy Storage Setting from Actions’ functionality.

Related: GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities

Related: GitHub Makes Copilot Autofix Generally Available

Related: Court Data Exposed by Vulnerabilities in Software Used by US Government: Researcher

Related: Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.