Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

GitHub Patches Critical Vulnerability in Enterprise Server

A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances.

Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

According to the Microsoft-owned platform, the newly resolved flaw is a variant of the initial vulnerability, also leading to authentication bypass.

“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server,” GitHub notes in an advisory.

The code hosting platform points out that encrypted assertions are not enabled by default and that Enterprise Server instances not configured with SAML SSO, or which rely on SAML SSO authentication without encrypted assertions, are not vulnerable.

“Additionally, an attacker would require direct network access as well as a signed SAML response or metadata document,” GitHub notes.

The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files.

To successfully exploit the issue, which is tracked as CVE-2024-9539, an attacker would need to convince a user to click on an uploaded asset URL, allowing them to retrieve metadata information of the user and “further exploit it to create a convincing phishing page”.

Advertisement. Scroll to continue reading.

GitHub says that both vulnerabilities were reported via its bug bounty program and makes no mention of any of them being exploited in the wild.

GitHub Enterprise Server version 3.14.2 also fixes a sensitive data exposure issue in HTML forms in the management console by removing the ‘Copy Storage Setting from Actions’ functionality.

Related: GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities

Related: GitHub Makes Copilot Autofix Generally Available

Related: Court Data Exposed by Vulnerabilities in Software Used by US Government: Researcher

Related: Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.