GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
A critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.
There is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack only if they use SAML single sign-on authentication AND have the encrypted assertions feature enabled.
GitHub Enterprise Server is a software development platform that organizations host either on-premises or on a public cloud service.
"GitHub Enterprise Server runs on your infrastructure and is governed by access and security controls that you define, such as firewalls, network policies, IAM, monitoring, and VPNs. GitHub Enterprise Server is suitable for use by enterprises that are subject to regulatory compliance, which helps to avoid issues that arise from software development platforms in the public cloud," GitHub explains.
Reported via the company's bug bounty program, CVE-2024-4985 stems from an incorrect implementation of an authentication algorithm.
CVE-2024-4985 affects all versions of GitHub Enterprise Server prior to 3.13.0, and has been fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4.
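The affected/fixed version matrix above is easy to misread when each release branch has its own fix level, so here is a small triage helper, added for this page and not GitHub's own code, that decides whether a given GHES build contains the fix and whether the two preconditions named in the report (SAML SSO plus encrypted assertions) make an instance exposed right now. The version numbers are the ones stated above; the function names and the two boolean inputs are this example's own assumptions.

```python
# Version data taken from the report above; everything else is constructed for this example.
FIRST_UNAFFECTED = (3, 13, 0)
FIXED_PATCH_BY_BRANCH = {(3, 9): 15, (3, 10): 12, (3, 11): 10, (3, 12): 4}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch'; reject anything else so a typo is never treated as 'safe'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.patch GHES version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def build_is_fixed(version: str) -> bool:
    """True if this GHES build contains the CVE-2024-4985 fix."""
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED:          # 3.13.0 and later were never affected
        return True
    fixed_patch = FIXED_PATCH_BY_BRANCH.get((v[0], v[1]))
    return fixed_patch is not None and v[2] >= fixed_patch


def assess(version: str, saml_sso: bool, encrypted_assertions: bool) -> dict:
    """Combine the build status with the two preconditions the report names."""
    fixed = build_is_fixed(version)
    exposed = (not fixed) and saml_sso and encrypted_assertions
    v = parse_version(version)
    branch_fix = FIXED_PATCH_BY_BRANCH.get((v[0], v[1]))
    if fixed:
        action = "none: build already contains the fix"
    elif branch_fix is not None:
        action = f"upgrade to {v[0]}.{v[1]}.{branch_fix}"
    else:  # branch older than 3.9: no fix listed for it, move to a fixed release
        action = "upgrade to a fixed release (3.9.15, 3.10.12, 3.11.10, 3.12.4 or 3.13.0+)"
    return {"build_fixed": fixed, "exposed_now": exposed, "action": action}


if __name__ == "__main__":
    # Constructed sample inventory: (version, SAML SSO on?, encrypted assertions on?)
    for ver, sso, enc in [("3.12.3", True, True), ("3.12.3", True, False),
                          ("3.11.10", True, True), ("3.8.2", True, True)]:
        print(ver, assess(ver, sso, enc))
```

Note that an unpatched build with SSO but without encrypted assertions still reports `build_fixed: False`: the preconditions only describe who is exploitable today, not who should upgrade.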
News URL
https://www.helpnetsecurity.com/2024/05/23/cve-2024-4985/
Related news
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-20 | CVE-2024-4985 | An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. | 0.0 |