Critical Vulnerability in GitHub Enterprise Server Addressed

October 16, 2024

GitHub has rectified a critical vulnerability in its Enterprise Server that was capable of providing unauthorized access to the affected instances. This vulnerability, labelled as CVE-2024-9487, had a CVSS score of 9.5. The flaw was a cryptographic signature verification issue in GitHub Enterprise Server, which could be exploited to bypass SAML SSO and gain unauthorized user access.

To take advantage of this vulnerability, an attacker would need the encrypted assertions feature of GitHub Enterprise Server enabled, direct network access, and a signed SAML response or metadata document. The vulnerability affected all versions of Enterprise Server prior to 3.15; GitHub addressed the issue in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was brought to the company's attention through its Bug Bounty program.

The vulnerability only impacted GitHub Enterprise Server instances with encrypted assertions enabled for SAML SSO. It also required direct network access and a signed SAML document. GitHub stated, “An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing unauthorized provisioning of users and access to the instance, by exploiting an improper verification of cryptographic signatures vulnerability in GitHub Enterprise Server. This was a regression introduced as part of follow-up remediation from CVE-2024-4985, which resulted in a new variant of the vulnerability.”
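As an added example (not from the article or from GitHub), the following Python helper turns the version and configuration facts quoted above into a triage check for an instance: it encodes the fixed releases named for CVE-2024-9487 and the "prior to 3.15" cutoff, and combines the version result with the encrypted-assertions precondition. The function names and the triage labels are assumptions of this example.

```python
import re
from typing import Tuple

# Fixed releases named in the advisory, keyed by release branch:
# (major, minor) -> first patch level that contains the fix.
FIXED_IN = {(3, 11): 16, (3, 12): 10, (3, 13): 5, (3, 14): 2}
# The article states that all versions prior to 3.15 were affected.
FIRST_UNAFFECTED_BRANCH = (3, 15)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a GHES version string such as '3.13.4' into a comparable tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_is_patched(text: str) -> bool:
    """True if the running version contains the fix for CVE-2024-9487."""
    major, minor, patch = parse_version(text)
    if (major, minor) >= FIRST_UNAFFECTED_BRANCH:
        return True  # 3.15 and later were never affected
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return False  # older branch: affected, and no fixed release is listed
    return patch >= fixed_patch


def triage(version: str, encrypted_assertions_enabled: bool) -> str:
    """Combine the version check with the encrypted-assertions precondition.

    The bypass only applies when SAML SSO encrypted assertions are enabled,
    so an unpatched instance with the feature off is not exposed to it,
    although it still needs the upgrade. (Labels are this example's own.)
    """
    if version_is_patched(version):
        return "patched"
    if not encrypted_assertions_enabled:
        return "unpatched-not-exposed"
    return "exposed"
```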

The company also addressed an information disclosure vulnerability, labelled as CVE-2024-9539, with a CVSS score of 5.7, in Enterprise Server. This flaw, which affected versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, could be exploited through malicious SVG files. GitHub explained, “An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page.”

As of now, GitHub is not aware of any attacks in the wild exploiting these vulnerabilities.
