GitHub Patches Critical Vulnerability In Enterprise Server
GitHub has resolved a critical security vulnerability in GitHub Enterprise Server, identified as CVE-2024-9487, which carries a CVSS severity score of 9.5. The vulnerability could allow unauthorized access to the server.
GitHub is a developer platform that allows developers to create, store, manage and share their code. It is built on Git and provides distributed version control together with access control, bug tracking, feature requests, task management, continuous integration, and wikis for every project.
The vulnerability stemmed from a flaw in the verification of cryptographic signatures, enabling an attacker to bypass SAML single sign-on (SSO) and gain unauthorized access. For an attack to succeed, certain conditions had to be met: the GitHub Enterprise Server instance needed to have the encrypted assertions feature for SAML SSO enabled, and the attacker needed direct network access to it as well as possession of a signed SAML response or metadata document.
All versions of GitHub Enterprise Server prior to 3.15 are impacted by this vulnerability. GitHub released patches to address the issue in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. The flaw was discovered through GitHub's Bug Bounty program.
The issue was tied to an improper verification process for cryptographic signatures, introduced as a regression during remediation of a previous vulnerability, CVE-2024-4985, which carried a 10.0 CVSS score and was fixed in May of this year.
As per the GitHub advisory, encrypted assertions are not enabled by default, so only instances using SAML SSO with this feature turned on are affected. Additionally, successful exploitation requires direct network access and a signed SAML document.
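As an added example (not GitHub's code or the article's), a small Python triage helper that encodes the affected and patched versions and the encrypted-assertions precondition stated above; the "x.y.z" version-string format it accepts is an assumption:

```python
"""Added triage helper: classify a GitHub Enterprise Server (GHES) version
against the CVE-2024-9487 advisory details quoted in the article."""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases per affected branch, as listed in the article.
PATCHED: Dict[Tuple[int, int], Version] = {
    (3, 11): (3, 11, 16),
    (3, 12): (3, 12, 10),
    (3, 13): (3, 13, 5),
    (3, 14): (3, 14, 2),
}
FIRST_UNAFFECTED_BRANCH = (3, 15)  # "all versions prior to 3.15 are impacted"


def parse_version(text: str) -> Version:
    """Parse a GHES 'x.y.z' string (a leading 'v' is tolerated; assumed format)."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a GHES x.y.z version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version: str, encrypted_assertions_enabled: bool) -> Dict[str, object]:
    """Return whether the build is vulnerable, whether the documented
    precondition (encrypted assertions enabled) makes it exploitable,
    and which release on the same branch fixes it."""
    v = parse_version(version)
    branch = v[:2]
    if branch >= FIRST_UNAFFECTED_BRANCH:
        return {"vulnerable_build": False, "exploitable": False, "upgrade_to": None}
    fixed = PATCHED.get(branch)
    if fixed is None:
        # Branch older than 3.11: no fix is listed for it, so treat it as
        # vulnerable and point at the oldest patched release.
        vulnerable, target = True, "3.11.16"
    else:
        vulnerable = v < fixed
        target = ".".join(map(str, fixed)) if vulnerable else None
    return {
        "vulnerable_build": vulnerable,
        "exploitable": vulnerable and encrypted_assertions_enabled,
        "upgrade_to": target,
    }
```

An instance on an affected build with encrypted assertions disabled is still reported as a vulnerable build that should be upgraded, only not as currently exploitable.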
The vulnerability abuses a weakness in the handling of the authentication assertions that identity providers issue to verify users logging into approved services. With many companies averaging 15 digital identities per employee, according to a Push Security report titled "How many vulnerable identities do you have?", SAML SSO plays a crucial role in managing authorization and access.
Potential risks associated with compromised GitHub Enterprise Servers are severe. Threat actors could gain access to valuable data such as source code, architectural documents, and developer information, which could be leveraged for espionage, social engineering, intellectual property theft, or other malicious activities. If attackers obtain administrative access to the source code management system, they could alter the source code and insert backdoors.
GitHub also resolved another vulnerability, CVE-2024-9539, which has a CVSS score of 5.7. This information disclosure issue affected the same versions of Enterprise Server. It could be exploited if an attacker uploaded a malicious SVG file and tricked a user into clicking a link, thereby obtaining metadata that could be used to build a convincing phishing page.
There have been no reports of these vulnerabilities being exploited in real-world attacks.
Read the GitHub advisory here.