Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections.

Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication.

“On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges,” the company said in an advisory.

The issue impacts all versions of GHES prior to 3.13.0 and has been addressed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4.

GitHub further noted that encrypted assertions are not enabled by default and that the flaw does not affect instances that do not utilize SAML single sign-on (SSO) or those that use SAML SSO authentication without encrypted assertions.

Encrypted assertions allow site administrators to improve a GHES instance’s security with SAML SSO by encrypting the messages that the SAML identity provider (IdP) sends during the authentication process.

Organizations that are using a vulnerable version of GHES are recommended to update to the latest version to secure against potential security threats.