Advisory

GitHub reports critical vulnerability in its Enterprise Server

Take action: If you are running GitHub Enterprise Server, it is time to plan a patch. Very few companies running GitHub Enterprise operate without SSO, so the specific exploit conditions may be closer than you think. Review in detail, and patch quickly.


Learn More

GitHub has issued a critical security patch to address a severe vulnerability in its Enterprise Server.

The flaw, tracked as CVE-2024-9487 (CVSS score 9.5), allows attackers to bypass authentication mechanisms through improper verification of cryptographic signatures in the SAML Single Sign-On (SSO) authentication feature. Exploitation could result in attackers gaining full administrative access to GitHub Enterprise Server without authentication.

The vulnerability is only exploitable under specific conditions:

  • The "encrypted assertions" feature must be enabled in the GitHub Enterprise Server instance.
  • The attacker must have direct network access to the server.
  • The attacker must possess a valid signed SAML response or a metadata document.

The vulnerability affects GitHub Enterprise Server versions prior to 3.15, or older versions without the latest security updates applied. The affected versions include:

  • 3.11.16 and earlier,
  • 3.12.10 and earlier,
  • 3.13.5 and earlier,
  • 3.14.2 and earlier.

Although the exploit is limited by specific conditions, organizations using SAML SSO with encrypted assertions are urged to prioritize updating their GitHub Enterprise Server to the latest patched versions. GitHub has addressed the flaw in the following versions:

  • 3.11.16,
  • 3.12.10,
  • 3.13.5,
  • 3.14.2.

Organizations running GitHub Enterprise Server are strongly advised to update to the latest versions.
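A small triage helper for the version ranges and preconditions listed above, added here as an example (not GitHub's code). It assumes the four fix versions named in the advisory are patched and anything older on the same release line is affected; where the two lists above disagree on the boundary builds, the fix list is taken as authoritative. Release lines older than 3.11 are treated as unpatched, and 3.15 and later as unaffected.

```python
"""Triage helper for CVE-2024-9487 (GitHub Enterprise Server SAML SSO).
Added example, not GitHub's code. Assumes the advisory's four fix versions
are patched, older builds on those lines are affected, lines before 3.11
are unpatched, and 3.15+ is unaffected.
"""

# Fix versions from the advisory, keyed by release line (major, minor).
FIXED_IN = {
    (3, 11): (3, 11, 16),
    (3, 12): (3, 12, 10),
    (3, 13): (3, 13, 5),
    (3, 14): (3, 14, 2),
}
FIRST_UNAFFECTED_LINE = (3, 15)


def parse_version(text: str) -> tuple:
    """Parse '3.13.4' (optionally with a leading 'v') into a comparable tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_vulnerable_version(version: str) -> bool:
    """True if this GHES build still carries the SAML signature flaw."""
    major, minor, patch = parse_version(version)
    if (major, minor) >= FIRST_UNAFFECTED_LINE:
        return False
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        # Release line predates 3.11: no patched build listed, treat as affected.
        return True
    return (major, minor, patch) < fixed


def triage(version: str, encrypted_assertions: bool, saml_sso: bool = True) -> str:
    """Combine the build check with the advisory's preconditions."""
    if not is_vulnerable_version(version):
        return "patched"
    if saml_sso and encrypted_assertions:
        return "exposed: upgrade now"
    return "vulnerable build, preconditions not met: schedule upgrade"


if __name__ == "__main__":
    # Constructed sample inputs: (installed version, encrypted assertions on?)
    for v, enc in (("3.13.4", True), ("3.13.5", True), ("3.14.1", False), ("3.10.9", True)):
        print(v, enc, "->", triage(v, enc))
```

The installed version can be taken from the instance's `installed_version` field in `GET /api/v3/meta`; whether encrypted assertions are enabled is read from the SAML settings in the Management Console.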
