Critical Authentication Bypass Vulnerability in The GitHub Enterprise Server (CVE-2024-4985)

Advisory No: TZCERT/SA/2024/05/23

Date of First Release: 23^rd May 2024

Source: GitHub

Software Affected: GitHub Enterprise Server (GHES) prior to Version 3.13.0

Overview:

GitHub Enterprise Servers (GHES) prior to version 3.13.0 is affected by a critical authentication bypass vulnerability. The vulnerability allows an unauthorized access to the instance without requiring prior authentication.

Description:

An authentication bypass vulnerability, identified as CVE-2024-4985, was discovered in GitHub Enterprise Server (GHES) when using SAML single sign-on (SSO) authentication with the optional encrypted assertions feature. This vulnerability allows an attacker to forge a SAML response, which can then be used to provision and gain access to a user account with site administrator privileges. This critical flaw could enable attackers to bypass authentication mechanisms and gain unauthorized access to the GHES instance without needing prior authentication. A vulnerability has a CVSS Score of 10.0 and treated as critical.

Impact:

Successful exploitation of this vulnerability allows an attacker to gain unauthorizes access to the GHES instance, hence it may extend to exposure of sensitive data, operation disruption and/or further exploitation since an attacker could modify, delete or inject malicious code into repository.

Solution:

GitHub has released security patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4-security-fixes
2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4985
3. https://www.tenable.com/cve/CVE-2024-4985