Serious Vulnerability in GitHub Enterprise Server Allows Authentication Bypass

GitHub has patched a critical vulnerability in GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication entirely.

Tracked as CVE-2024-4985 (CVSS score: 10.0), the flaw could give an attacker access to a GHES instance without any valid credentials.

“On instances utilizing SAML single sign-on (SSO) authentication with encrypted assertions, a malicious actor could create a fake SAML response to gain access to a user with admin privileges,” GitHub explained in a security advisory.

GHES is GitHub's self-hosted platform for software development: organizations run it on their own infrastructure to host Git repositories, review code, and automate build and deployment workflows.

The vulnerability affects all GHES versions prior to 3.13.0. GitHub has fixed it in 3.9.15, 3.10.12, 3.11.10, and 3.12.4; 3.13.0 and later releases are not affected.

GitHub also noted that encrypted assertions are an optional feature that is off by default. Instances that do not use SAML SSO, or that use SAML SSO without encrypted assertions, are not affected by this flaw.

Encrypted assertions are an optional hardening for GHES instances that use SAML SSO: the identity provider encrypts the SAML assertion so that only the GHES instance can read it, protecting its contents from anyone able to observe the authentication exchange. Encryption protects confidentiality, not authenticity; the identity provider's signature is what proves that a response actually came from the configured identity provider, and an SP that accepts whatever it can decrypt has no such proof.

Organizations running an affected version should upgrade to the patched release for their release line (3.9.15, 3.10.12, 3.11.10, or 3.12.4) or to 3.13.0 or later. Administrators can confirm whether an instance is exposed by checking whether SAML SSO with encrypted assertions is enabled in the Management Console's authentication settings.
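The following Python model, added here as an illustration and not code from GitHub or from the advisory, shows the general SAML property at stake when assertions are encrypted: successful decryption proves nothing about who produced the assertion, because a service provider's encryption certificate is public and anyone can encrypt for it. The model uses HMAC-SHA256 as a stand-in for the IdP's XML signature and a SHA-256 keystream as a stand-in for XML-Enc; the key values, attribute names and function names are all constructed for the example. It does not reproduce the actual GHES defect, which the advisory does not describe at that level.

```python
"""Toy model of a SAML service provider (SP) handling an encrypted assertion.

Stand-ins (assumptions for this example, not real SAML/XML-DSig/XML-Enc):
  - HMAC-SHA256 with IDP_SIGNING_KEY plays the role of the IdP's XML signature.
  - A SHA-256 keystream XORed over JSON plays the role of XML-Enc with the SP key.
In real SAML the SP's encryption certificate is public, so anyone can produce a
correctly encrypted assertion; only the IdP signature proves who issued it.
"""
import base64
import hashlib
import hmac
import json
import secrets

IDP_SIGNING_KEY = b"idp-signing-key-held-only-by-the-idp"  # constructed
SP_ENCRYPTION_KEY = b"sp-encryption-key-public-in-real-saml"  # constructed


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream from (key, nonce, counter); toy cipher only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_assertion(assertion: dict, key: bytes = SP_ENCRYPTION_KEY) -> str:
    """Encrypt an assertion for the SP; returns base64(nonce || ciphertext)."""
    plaintext = json.dumps(assertion, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    return base64.b64encode(nonce + ciphertext).decode()


def decrypt_assertion(blob: str, key: bytes = SP_ENCRYPTION_KEY) -> dict:
    """Inverse of encrypt_assertion. Decrypting says nothing about origin."""
    raw = base64.b64decode(blob)
    nonce, ciphertext = raw[:16], raw[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    return json.loads(bytes(a ^ b for a, b in zip(ciphertext, stream)))


def sign(data: bytes, key: bytes) -> str:
    """Stand-in for the IdP's XML signature over the response."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def idp_issue_response(assertion: dict) -> dict:
    """Legitimate IdP: encrypt for the SP, then sign with the IdP key."""
    enc = encrypt_assertion(assertion)
    return {"encrypted_assertion": enc, "signature": sign(enc.encode(), IDP_SIGNING_KEY)}


def attacker_forge_response(assertion: dict) -> dict:
    """Attacker: can encrypt for the SP (its key is public in real SAML) but
    does not hold the IdP signing key, so the signature is worthless."""
    enc = encrypt_assertion(assertion)
    return {"encrypted_assertion": enc, "signature": sign(enc.encode(), b"attacker-guess")}


def sp_decrypt_without_verifying(response: dict) -> dict:
    """VULNERABLE pattern: treats a successful decryption as proof of authenticity."""
    return decrypt_assertion(response["encrypted_assertion"])


def sp_verify_then_decrypt(response: dict) -> dict:
    """HARDENED pattern: check the IdP signature (constant-time) before decrypting,
    and refuse responses that carry no signature at all."""
    enc = response["encrypted_assertion"]
    presented = response.get("signature")
    if not presented:
        raise ValueError("SAML response is unsigned")
    expected = sign(enc.encode(), IDP_SIGNING_KEY)
    if not hmac.compare_digest(expected, presented):
        raise ValueError("SAML response signature invalid: not issued by the trusted IdP")
    return decrypt_assertion(enc)


if __name__ == "__main__":
    genuine = idp_issue_response({"user": "alice", "admin": False})
    forged = attacker_forge_response({"user": "mallory", "admin": True})
    print("genuine, hardened SP:", sp_verify_then_decrypt(genuine))
    print("forged, vulnerable SP:", sp_decrypt_without_verifying(forged))  # accepts admin
    try:
        sp_verify_then_decrypt(forged)
    except ValueError as err:
        print("forged, hardened SP:", err)
```

A real SP does more than the hardened function above: it validates the XML signature against the IdP certificate from its metadata, decrypts, then validates any signature on the inner Assertion and checks Conditions such as Audience, NotBefore/NotOnOrAfter and InResponseTo. The point the model isolates is ordering: authenticity must be established before anything decrypted is trusted, and the absence of a signature must be a rejection, not a pass.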
