Advisory No: TZCERT/SA/2024/05/23
Date of First Release: 23rd May 2024
Source: GitHub
Software Affected: GitHub Enterprise Server (GHES) prior to Version 3.13.0
Overview:
GitHub Enterprise Server (GHES) prior to version 3.13.0 is affected by a critical authentication bypass vulnerability. The vulnerability allows unauthorized access to the instance without requiring prior authentication.
Description:
An authentication bypass vulnerability, identified as CVE-2024-4985, was discovered in GitHub Enterprise Server (GHES) when using SAML single sign-on (SSO) authentication with the optional encrypted assertions feature. The vulnerability allows an attacker to forge a SAML response, which can then be used to provision and gain access to a user account with site administrator privileges. This critical flaw could therefore enable attackers to bypass authentication and gain unauthorized access to the GHES instance without any prior authentication. The vulnerability has a CVSS score of 10.0 and is rated critical.
Impact:
Successful exploitation of this vulnerability allows an attacker to gain unauthorized access to the GHES instance. This may lead to exposure of sensitive data, disruption of operations and/or further exploitation, since an attacker could modify, delete or inject malicious code into repositories.
Solution:
GitHub has released security patches for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
References:
- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4-security-fixes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4985
- https://www.tenable.com/cve/CVE-2024-4985