GitHub Enterprise Server Authentication Bypass Vulnerability (CVE-2024-4985)

A critical flaw carrying the maximum severity rating has been discovered in GitHub Enterprise Server (GHES). Tracked as CVE-2024-4985, the vulnerability may allow an attacker to access a vulnerable server without prior authentication.

GitHub Enterprise Server is a self-hosted platform that allows organizations to build, scale, and deliver software. It is designed for organizations that require more control and scalability over their code repositories, and it offers security, reliability, cloud-based computing, and third-party support.

Vulnerability Description

The vulnerability impacts servers that use SAML single sign-on (SSO) authentication together with the optional encrypted assertions feature. An attacker could craft a SAML response to provision and/or gain access to a user with administrator privileges.

The vendor states that encrypted assertions are not enabled by default. The vulnerability does not impact servers that do not use SAML single sign-on (SSO), nor those that use SAML SSO authentication without encrypted assertions.

Encrypted assertions allow site administrators to improve a GHES instance’s security with SAML SSO by encrypting the messages the SAML identity provider (IdP) sends during authentication.

Affected Versions

  • GitHub Enterprise Server version 3.9.0 to 3.9.14
  • GitHub Enterprise Server version 3.10.0 to 3.10.11
  • GitHub Enterprise Server version 3.11.0 to 3.11.9
  • GitHub Enterprise Server version 3.12.0 to 3.12.3

Mitigation

GitHub has released the GitHub Enterprise Server versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4 to patch the vulnerability.
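The affected ranges and fixed releases above, together with the two configuration conditions the advisory names (SAML SSO in use, encrypted assertions enabled), are what an inventory check has to combine. The following Python is an added example, not code from Qualys or GitHub; the hostnames and configuration values in its sample inventory are constructed, and only the version ranges listed in this advisory are encoded, so any build outside them is reported as not affected by this CVE.

```python
"""Triage helper for CVE-2024-4985 (added example, not Qualys or GitHub code).

Encodes the affected GHES version ranges and fixed releases exactly as listed
in the advisory, and combines them with the two configuration conditions the
advisory names (SAML SSO in use, encrypted assertions enabled).
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, fixed release) per release branch, from the advisory.
AFFECTED_RANGES: List[Tuple[Version, Version, Version]] = [
    ((3, 9, 0), (3, 9, 14), (3, 9, 15)),
    ((3, 10, 0), (3, 10, 11), (3, 10, 12)),
    ((3, 11, 0), (3, 11, 9), (3, 11, 10)),
    ((3, 12, 0), (3, 12, 3), (3, 12, 4)),
]


def parse_version(text: str) -> Version:
    """Turn 'X.Y.Z' (an optional leading 'v' is tolerated) into a comparable tuple.

    A malformed string raises ValueError rather than being treated as "not
    affected", so a bad inventory record surfaces instead of hiding a host.
    """
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixed_version_for(version: Version) -> Optional[str]:
    """Return the fixed release for an affected version, or None when the
    version falls outside every affected range listed in the advisory."""
    for first, last, fixed in AFFECTED_RANGES:
        if first <= version <= last:  # tuple comparison, inclusive bounds
            return ".".join(str(n) for n in fixed)
    return None


def assess(version_text: str, saml_sso: bool, encrypted_assertions: bool) -> Dict[str, object]:
    """Classify one instance.

    'vulnerable_version' says whether the build itself needs the patch;
    'exposed' additionally requires both configuration conditions the
    advisory names, since instances without SAML SSO or without encrypted
    assertions are stated not to be impacted. An unexposed but unpatched
    instance still gets an upgrade action, because its configuration can
    change later.
    """
    version = parse_version(version_text)
    fixed = fixed_version_for(version)
    vulnerable_version = fixed is not None
    exposed = vulnerable_version and saml_sso and encrypted_assertions
    if exposed:
        action = f"upgrade to {fixed} immediately"
    elif vulnerable_version:
        action = f"upgrade to {fixed} (not currently exposed by configuration)"
    else:
        action = "no action for CVE-2024-4985"
    return {
        "version": version_text,
        "vulnerable_version": vulnerable_version,
        "exposed": exposed,
        "fixed_version": fixed,
        "action": action,
    }


if __name__ == "__main__":
    # Constructed inventory records: hostnames and settings are made up.
    inventory = [
        ("ghes-prod.example.internal", "3.10.11", True, True),
        ("ghes-dev.example.internal", "3.11.9", True, False),
        ("ghes-lab.example.internal", "3.12.4", True, True),
    ]
    for host, ver, sso, enc in inventory:
        result = assess(ver, sso, enc)
        print(f"{host}: {ver} -> exposed={result['exposed']} action={result['action']}")
```

Feeding real data into `assess` means pulling the installed version and the SAML settings from each instance's administration interface or your asset inventory; the scan QID mentioned below covers the version check, while the configuration flags are what decide whether a host is exposed now versus merely unpatched.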

Please refer to the GitHub Release Notes for more information.

Qualys Detection

Qualys customers can scan their devices with QID 379849 to detect vulnerable assets.

Rapid Response with Patch Management (PM)

Qualys Patch Management and its Zero-Touch Patching feature provide a seamless, automated process of patching a vulnerability like this.

Zero-Touch Patching identifies the most vulnerable products in your environment and automates the deployment of necessary patches and configuration adjustments. This not only streamlines the patching process but also ensures vulnerabilities are addressed promptly.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4
