Enterprise users need to update their systems to the newest GitHub Enterprise Server release, because the service has patched a critical authentication bypass vulnerability and addressed other security flaws.
A GitHub Enterprise Server Vulnerability Could Give An Attacker Admin Privileges
According to the latest updates to the GitHub release notes, the service has addressed a critical vulnerability in GitHub Enterprise Server.
GitHub Enterprise Server (GHES) is a self-hosted version of GitHub aimed at enterprise customers. Organizations may opt for Enterprise Server deployments for streamlined operation, regulatory compliance, and more control over access and security features.
GitHub described the critical vulnerability as an authentication bypass issue. Tracked as CVE-2024-6800, the vulnerability received a CVSS score of 9.5. It stemmed from an XML signature wrapping issue on GHES instances that use SAML single sign-on (SSO) authentication with specific identity providers (IdPs) that publish publicly exposed signed federation metadata XML.
Exploiting the flaw could allow an unauthorized attacker with direct network access to GHES to forge a SAML response. This, in turn, would let the adversary gain elevated privileges, such as site administrator, without authentication.
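Signature wrapping works because a consumer validates a signature over one element but reads identity attributes from another. As an added illustration (not GitHub's code and not the GHES patch), the following structural checks tie the Assertion a service provider trusts to the element the signature actually covers. It assumes the IdP signs the Assertion element and that cryptographic verification of the signature bytes happens separately (for example with xmlsec); the sample XML is constructed, with stub Signature elements.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signed_subject(response_xml: str) -> str:
    """Return the NameID of the single Assertion the enveloped signature covers;
    raise ValueError if the document shape is one a wrapping attempt produces.
    Assumes the IdP signs the Assertion and the signature bytes are verified
    separately (e.g. with xmlsec); this only ties the consumed element to the signed one."""
    root = ET.fromstring(response_xml)
    assertions = root.findall(".//saml:Assertion", NS)
    # Wrapping needs two assertions: the signed original and the injected one.
    if len(assertions) != 1:
        raise ValueError(f"expected 1 Assertion, found {len(assertions)}")
    assertion = assertions[0]
    if assertion not in list(root):  # not parked in Extensions, ds:Object, etc.
        raise ValueError("Assertion is not a direct child of Response")
    sigs = root.findall(".//ds:Signature", NS)
    # The only Signature must be enveloped in that Assertion ...
    if len(sigs) != 1 or sigs[0] not in list(assertion):
        raise ValueError("expected one Signature enveloped in the Assertion")
    # ... and its Reference must point at that Assertion's own ID.
    ref = sigs[0].find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI") if ref is not None else None
    if uri != "#" + assertion.get("ID", ""):
        raise ValueError(f"Reference URI {uri!r} does not cover this Assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("signed Assertion has no NameID")
    return name_id.text

def _assertion(aid: str, user: str, signed: bool) -> str:
    """Build a constructed sample Assertion (the Signature element is a stub)."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{aid}"/>'
           '</ds:SignedInfo></ds:Signature>') if signed else ""
    return (f'<saml:Assertion ID="{aid}">{sig}<saml:Subject>'
            f'<saml:NameID>{user}</saml:NameID></saml:Subject></saml:Assertion>')

def _response(body: str) -> str:
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' xmlns:ds="{NS["ds"]}" ID="_r1">{body}</samlp:Response>')

# Constructed negative case: the signed original is parked inside Extensions and
# an unsigned Assertion with a different subject sits where the SP looks for it.
LEGIT = _response(_assertion("_a1", "alice@example.org", True))
WRAPPED = _response("<samlp:Extensions>" + _assertion("_a1", "alice@example.org", True)
                    + "</samlp:Extensions>" + _assertion("_a2", "mallory@example.org", False))
```

The legitimate response yields the signed subject; the wrapped shape is rejected before any attribute is read, which is the property a consumer needs in addition to a correct cryptographic check.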
The vulnerability came to GitHub's attention through a bug report submitted via its Bug Bounty Program. It affected all GHES versions before the 3.14 release candidate (RC) build.
Following the report, the service patched the vulnerability in GHES stable versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
Besides this critical vulnerability, GitHub also fixed two medium-severity security flaws (described below). These vulnerabilities also came to GitHub's attention through bug reports submitted to its bug bounty program.
- CVE-2024-7711 (CVSS 5.3): An incorrect authorization flaw allowing an adversary to update the title, assignee, and labels of any issue in public repositories.
- CVE-2024-6337 (CVSS 5.9): Another incorrect authorization vulnerability that exposed issue content from private repositories using a GitHub App with only "contents: read" and "pull requests: write" permissions. An attacker could use the access token to exploit the flaw and read the issue contents.
Since the patches have been released for multiple GHES versions, users must update their systems accordingly to receive the fixes.
Let us know your thoughts in the comments.