GitHub has released security updates for Enterprise Server (GHES), addressing several vulnerabilities, including a critical flaw that could allow unauthorized access to an instance.
The vulnerability, identified as CVE-2024-9487, has a CVSS score of 9.5 out of 10.
According to GitHub’s alert, “An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, leading to unauthorized user provisioning and instance access. This is due to improper cryptographic signature verification in GitHub Enterprise Server.”
GitHub, now owned by Microsoft, described the flaw as a regression resulting from earlier remediation work on CVE-2024-4985 (CVSS score: 10.0), a critical vulnerability that was patched in May 2024.
Additionally, GitHub resolved two other issues:
- CVE-2024-9539 (CVSS score: 5.7): An information disclosure vulnerability allowing attackers to retrieve user metadata by luring victims into clicking malicious URLs related to SVG assets.
- A sensitive data exposure in HTML forms within the management console (not assigned a CVE).
All three vulnerabilities were fixed in Enterprise Server versions 3.14.2, 3.13.5, 3.12.10, and 3.11.16.
In August, GitHub also addressed another critical issue (CVE-2024-6800, CVSS score: 9.5) that could allow attackers to gain site administrator privileges.
Organizations using vulnerable self-hosted versions of GHES are strongly encouraged to update to the latest version to protect against potential security risks.
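The fixed releases named above fall on four release lines, so a patch check has to compare within the right line rather than against a single number. The following is an added example, not GitHub tooling: it assesses an installed GHES version against the fixed releases this advisory lists. Assumptions: versions are plain MAJOR.MINOR.PATCH strings, and release lines older than 3.11 (for which no fix is listed) are treated as needing an upgrade.

```python
"""Check a GitHub Enterprise Server version against the fixed releases
listed in this advisory.  Added example, not GitHub's own tooling.  The
fixed versions come from the advisory; everything else is an assumption."""
from typing import Tuple

# Patched releases named in the advisory: release line -> first fixed patch.
FIXED_VERSIONS = {
    (3, 14): 2,
    (3, 13): 5,
    (3, 12): 10,
    (3, 11): 16,
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' (optionally prefixed with 'v') into ints."""
    parts = version.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version: str) -> Tuple[str, str]:
    """Return (status, message) for an installed GHES version.

    status is 'patched', 'vulnerable' or 'unknown'.  'unknown' covers
    release lines the advisory does not name; those still need a manual
    check against GitHub's own release notes.
    """
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[line]
        if patch >= fixed:
            return "patched", f"{version} includes the fix ({major}.{minor}.{fixed})"
        return "vulnerable", f"{version} predates {major}.{minor}.{fixed}; upgrade"
    if line < min(FIXED_VERSIONS):
        # Assumption: lines older than 3.11 get no fix in this advisory, so
        # treat them as needing an upgrade to one of the listed releases.
        return "vulnerable", f"{version} is older than any line with a listed fix; upgrade"
    return "unknown", f"{version} is on a line this advisory does not list; check GitHub's release notes"


if __name__ == "__main__":
    # Constructed sample versions, one per interesting case.
    for v in ("3.14.1", "3.14.2", "3.13.5", "3.12.9", "3.11.16", "3.10.4", "3.15.0"):
        status, msg = assess(v)
        print(f"{v:>8}: {status:<10} {msg}")
```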
Source: TheHackerNews