Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

News

May 21, 2024NewsroomVulnerability / Software Development

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections.

Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.

“On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges,” the company said in an advisory.

GHES is a self-hosted platform for software development, allowing organizations to store and build software using Git version control as well as automate the deployment pipeline.

Cybersecurity

The issue impacts all versions of GHES prior to 3.13.0 and has been addressed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4.

GitHub further noted that encrypted assertions are not enabled by default and that the flaw does not affect instances that do not utilize SAML single sign-on (SSO) or those that use SAML SSO authentication without encrypted assertions.

Encrypted assertions allow site administrators to improve a GHES instance’s security with SAML SSO by encrypting the messages that the SAML identity provider (IdP) sends during the authentication process.

Organizations that are using a vulnerable version of GHES are recommended to update to the latest version to secure against potential security threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case
LockBit Admins Tease a New Ransomware Version

Leave a Reply

Your email address will not be published. Required fields are marked *