Authentication Bypass Vulnerability in GitHub Enterprise Server via SAML Single Sign-On
CVE-2024-4985
Key Information:
- Vendor: GitHub
- CVE Published: 20 May 2024
What is CVE-2024-4985?
CVE-2024-4985 is a critical authentication bypass vulnerability affecting GitHub Enterprise Server (GHES) when SAML single sign-on is used together with the optional encrypted assertions feature. The flaw lets an attacker forge a SAML response and thereby gain unauthorized access to a user account with site administrator privileges. Organizations that rely on GitHub Enterprise Server for software development and collaboration therefore face severe risk, including unauthorized access to sensitive repositories and potential data breaches.
Technical Details
CVE-2024-4985 arises from how GitHub Enterprise Server processes SAML assertions. An attacker who exploits this weakness bypasses the authentication mechanism entirely, without needing valid login credentials. The vulnerability affects all versions of GitHub Enterprise Server prior to 3.13.0; fixes were released in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. The issue was reported through the GitHub Bug Bounty program, underlining the security community's role in identifying and mitigating vulnerabilities.
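The affected and fixed version boundaries above are the thing a defender actually has to check across an estate of GHES instances. The following is an added example (not code from the advisory or from GitHub) that encodes those boundaries: the per-branch fixed releases and the "prior to 3.13.0" bound come from the text, the precondition that SAML SSO with encrypted assertions must be enabled comes from the text, and the rule that a branch with no listed fix (for example 3.8.x) is treated as unpatched is this script's own assumption.

```python
"""Assess a GitHub Enterprise Server version against CVE-2024-4985.

Added example, not part of the advisory. Version boundaries are taken from
the advisory text; how unlisted branches are treated is an assumption.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release in each branch named by the advisory.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}

# Releases from this version onward were never affected.
FIRST_UNAFFECTED: Version = (3, 13, 0)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_vulnerable(version: str, saml_encrypted_assertions: bool) -> bool:
    """True when the instance is exposed to CVE-2024-4985.

    The flaw only applies when SAML SSO with encrypted assertions is in use;
    an instance using another authentication mode is reported as not exposed
    even if its version is below the fixed release.
    """
    if not saml_encrypted_assertions:
        return False
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED:
        return False
    fixed = FIXED_RELEASES.get((v[0], v[1]))
    if fixed is None:
        # Assumption: a branch without a listed fix has no patched release,
        # so any version on it is treated as unpatched.
        return True
    return v < fixed


def recommended_upgrade(version: str) -> Optional[str]:
    """Return the fixed release for the instance's own branch, or None when
    no fixed release exists on that branch (caller should plan a branch move).
    """
    v = parse_version(version)
    fixed = FIXED_RELEASES.get((v[0], v[1]))
    return None if fixed is None else ".".join(str(n) for n in fixed)


def assess(version: str, saml_encrypted_assertions: bool) -> str:
    """One-line status for an inventory report."""
    if not is_vulnerable(version, saml_encrypted_assertions):
        return f"{version}: not exposed to CVE-2024-4985"
    target = recommended_upgrade(version)
    if target is None:
        return (f"{version}: VULNERABLE, no fixed release on this branch; "
                f"upgrade to a supported branch at or above its fixed release")
    return f"{version}: VULNERABLE, upgrade to {target} or later"


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, version, SAML encrypted assertions on?)
    inventory = [
        ("ghes-a.example", "3.12.3", True),
        ("ghes-b.example", "3.12.4", True),
        ("ghes-c.example", "3.9.14", False),
        ("ghes-d.example", "3.8.20", True),
    ]
    for host, ver, enc in inventory:
        print(host, assess(ver, enc))
```

Run it against an inventory exported from your own tooling; the module-level functions take plain strings so they can be wired into whatever reporting pipeline already exists.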
Impact of the Vulnerability
- Unauthorized Access: The primary risk is that attackers can gain unauthorized access to the GitHub instance, enabling them to manipulate repositories and potentially steal or alter critical code.
- Privilege Escalation: Exploitation of this vulnerability allows an attacker to gain site administrator privileges, which could lead to further compromises within the organization, including the ability to deploy malicious code or exfiltrate sensitive data.
- Reputation Damage: Organizations affected by this vulnerability may face significant reputational harm if the compromise leads to data breaches or exposure of customer information, undermining trust and customer confidence.
News Articles
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel - Help Net Security (8 months ago): Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google fixes yet another Chrome zero-day exploited in
- GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) - Help Net Security (8 months ago): A critical vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed.
- How to fix CVE-2024-4985 in GitHub Enterprise Server (8 months ago): CVE-2024-4985 is a critical vulnerability in GitHub Enterprise Server. Here's everything you need to know.