Advisory

GitHub patches multiple flaws in its Enterprise Server, including a critical auth bypass flaw

Take action: If you are running GitHub Enterprise Server with SAML SSO, it is time for a quick patch. Even if you aren't using SAML SSO, plan the same quick patch if the server is reachable from the internet. Finally, if your server is isolated in a trusted network, you have a bit more time, but don't ignore this flaw: eventually someone will find it and attack it.


Learn More

GitHub has released updates addressing multiple security vulnerabilities in GitHub Enterprise Server (GHES), including a critical authentication bypass flaw.

The most severe issue, tracked as CVE-2024-6800 (CVSS score 9.5), is an XML signature wrapping vulnerability that affects instances using SAML SSO authentication with certain identity providers. In a signature wrapping attack the signed SAML assertion is left intact, so the signature still verifies, while the consumer is tricked into reading identity claims from an unsigned element the attacker added to the same document. Here that allows an attacker with direct network access to the GHES instance to forge a SAML response and obtain a user with site administrator privileges, without any prior authentication. Successful exploitation therefore gives complete control of the server.
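To make the vulnerability class concrete, here is an added demonstration written for this page. It is not GitHub's code and not the CVE-2024-6800 exploit: it assumes a simplified SAML-like Response with a single Assertion, uses an HMAC over the referenced element as a stand-in for an XMLDSig signature (constructed key IDP_KEY), and keeps the Signature as a sibling of the Assertion rather than nested inside it. The point it shows is the difference between a consumer that verifies the signature and then reads claims from "the" Assertion it finds by path, and one that reads claims only from the element the signature actually covered.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key standing in for the IdP's signing key. A real SAML
# response carries an XMLDSig RSA/ECDSA signature; HMAC keeps the example offline.
IDP_KEY = b"constructed-idp-signing-key"


def canonical(elem):
    """Toy canonicalisation: serialise the element alone, without its tail text.
    Real XMLDSig uses Exclusive C14N; the wrapping problem is independent of that."""
    clone = copy.deepcopy(elem)
    clone.tail = None
    return ET.tostring(clone, encoding="utf-8")


def sign(elem):
    return hmac.new(IDP_KEY, canonical(elem), hashlib.sha256).hexdigest()


def build_signed_response(name_id, role, assertion_id="_legit"):
    """What an honest IdP emits: one Assertion plus a Signature whose Reference
    points at that Assertion by ID. (Signature kept as a sibling for brevity;
    real SAML nests it inside the Assertion with an enveloped-signature transform.)"""
    resp = ET.Element("Response")
    assertion = ET.SubElement(resp, "Assertion", ID=assertion_id)
    ET.SubElement(assertion, "NameID").text = name_id
    ET.SubElement(assertion, "Role").text = role
    sig = ET.SubElement(resp, "Signature")
    ET.SubElement(sig, "Reference", URI="#" + assertion_id)
    ET.SubElement(sig, "SignatureValue").text = sign(assertion)
    return ET.tostring(resp, encoding="utf-8")


def wrap_attack(signed_xml, name_id, role):
    """Signature wrapping: leave the signed Assertion untouched so the signature
    still verifies, and prepend an unsigned Assertion with attacker-chosen claims."""
    resp = ET.fromstring(signed_xml)
    forged = ET.Element("Assertion", ID="_forged")
    ET.SubElement(forged, "NameID").text = name_id
    ET.SubElement(forged, "Role").text = role
    resp.insert(0, forged)
    return ET.tostring(resp, encoding="utf-8")


def verify_signature(resp):
    """Resolve the Reference URI to an element by ID and check the signature over
    it. Returns the element that was actually signed."""
    ref = resp.find("./Signature/Reference")
    value = resp.find("./Signature/SignatureValue")
    if ref is None or value is None:
        raise ValueError("response is not signed")
    target_id = ref.get("URI", "").lstrip("#")
    signed = next((el for el in resp.iter() if el.get("ID") == target_id), None)
    if signed is None:
        raise ValueError("referenced element not found")
    if not hmac.compare_digest(sign(signed), value.text or ""):
        raise ValueError("signature mismatch")
    return signed


def naive_subject(xml_bytes):
    """Vulnerable pattern: verify the signature, then read the claims from the
    first Assertion a path query finds, which need not be the signed one."""
    resp = ET.fromstring(xml_bytes)
    verify_signature(resp)
    assertion = resp.find(".//Assertion")  # first match wins: the attacker's element
    return assertion.findtext("NameID"), assertion.findtext("Role")


def hardened_subject(xml_bytes):
    """Fixed pattern: take claims only from the element the signature covered,
    and reject documents whose shape differs from the single expected Assertion."""
    resp = ET.fromstring(xml_bytes)
    signed = verify_signature(resp)
    if signed.tag != "Assertion" or signed not in list(resp):
        raise ValueError("signed element is not a top-level Assertion")
    if len(resp.findall(".//Assertion")) != 1:
        raise ValueError("unexpected extra Assertion elements")
    return signed.findtext("NameID"), signed.findtext("Role")


if __name__ == "__main__":
    legit = build_signed_response("alice", "user")
    forged = wrap_attack(legit, "mallory", "site-admin")
    print("naive, honest response:   ", naive_subject(legit))
    print("naive, wrapped response:  ", naive_subject(forged))
    print("hardened, honest response:", hardened_subject(legit))
    try:
        hardened_subject(forged)
    except ValueError as exc:
        print("hardened, wrapped response: rejected:", exc)
```

The naive consumer accepts the wrapped response and hands the attacker's claims to the application, even though no byte of the signed assertion was changed; the hardened consumer binds the claims it uses to the element the signature covers and refuses any document that carries more assertions than it expects. When auditing a real SAML service provider, that binding (claims read from the verified element, not from a fresh XPath over the whole document) is the check to look for.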

GitHub has addressed the issue in GHES versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.

In addition to CVE-2024-6800, the update also addresses two medium-severity vulnerabilities:

  • CVE-2024-7711 (CVSS score 6.5): Allows attackers to modify issues in public repositories by changing titles, assignees, and labels.
  • CVE-2024-6337 (CVSS score 6.5): Enables disclosure of issue content from private repositories through GitHub Apps with specific permissions.

System administrators are advised to update GHES to the latest patched versions as soon as possible. GitHub’s advisory notes that some services may show errors during the update process, but the instance should start correctly. Admins should also review the “Known issues” section of the advisory for potential issues related to logs, memory usage, and service interruptions during specific operations.
