GitHub Patches Multiple Security Vulnerabilities (CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711)

GitHub released security advisories to address three security vulnerabilities in GitHub Enterprise Server (GHES). Tracked as CVE-2024-6800, CVE-2024-6337, and CVE-2024-7711, these vulnerabilities may allow an attacker to gain unauthorized access to an instance and to read or modify issue data in its repositories.

CVE-2024-6800 has been given a critical severity rating with a CVSS score of 9.5.

GitHub Enterprise Server is the self-hosted edition of GitHub for building, scaling, and delivering software. It is designed for organizations that require more control over where their code repositories live and how the platform scales, and it can be deployed on an organization's own virtualization infrastructure or in a supported cloud environment.

CVE-2024-6800

The vulnerability affects GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific identity providers (IdPs) whose signed federation metadata XML is publicly exposed. On such an instance, an attacker could forge a SAML response and use it to provision a new user account, or gain access to an existing one, with site administrator privileges. Instances that do not use SAML SSO are not exposed to this issue. Because exploitation does not require valid credentials on the instance, administrators should treat this as a priority upgrade and, after patching, review the site administrator list and the audit log for accounts or logins they do not recognize.

CVE-2024-6337

On successful exploitation, an attacker could use a GitHub App holding only the ‘contents: read’ and ‘pull requests: write’ permissions to disclose the contents of issues in a private repository, which those permissions should not allow. The vulnerability is only exploitable through user access tokens (user-to-server requests); installation access tokens are not affected.

CVE-2024-7711

On successful exploitation, an attacker could update the title, assignees, and labels of any issue inside a public repository. The vulnerability is only exploitable inside public repositories; private and internal repositories are not affected.

Affected Versions

  • GitHub Enterprise Server version 3.10.0 to 3.10.15
  • GitHub Enterprise Server version 3.11.0 to 3.11.13
  • GitHub Enterprise Server version 3.12.0 to 3.12.7
  • GitHub Enterprise Server version 3.13.0 to 3.13.2

Mitigation

GitHub has released GitHub Enterprise Server versions 3.10.16, 3.11.14, 3.12.8, and 3.13.3 to patch these vulnerabilities. Administrators should upgrade each instance to the fixed release of the branch it is running.
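A quick way to check an instance against the fixed releases listed above is to compare the version GHES reports in the `installed_version` field of `GET /api/v3/meta` with the first fixed build of its branch. The script below is an added example for this post, not code from GitHub or Qualys; the fixed-version table is taken from the advisory, the sample `/meta` response is constructed, and the live-fetch helper assumes the instance's base URL is reachable without authentication for that endpoint.

```python
"""Assess a GitHub Enterprise Server version against the fixed releases for
CVE-2024-6800, CVE-2024-6337 and CVE-2024-7711.

Added example: the fixed releases come from the advisory above; the version
string is what GHES returns as `installed_version` from GET /api/v3/meta.
"""
import json
import re
import urllib.request

# First fixed release of each affected branch (from the advisory above).
FIXED_RELEASES = {
    (3, 10): (3, 10, 16),
    (3, 11): (3, 11, 14),
    (3, 12): (3, 12, 8),
    (3, 13): (3, 13, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Parse 'MAJOR.MINOR.PATCH' into a tuple; trailing qualifiers are ignored."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GHES version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Return 'vulnerable', 'fixed' or 'unlisted' for a GHES version string.

    'unlisted' means the release branch is not one of the four this advisory
    covers (for example a 3.14.x build), so the advisory alone says nothing
    about it and the release notes for that branch should be checked instead.
    """
    major, minor, patch = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return "unlisted"
    return "fixed" if (major, minor, patch) >= fixed else "vulnerable"


def assess_meta(meta_json):
    """Assess the JSON body of GET /api/v3/meta from a GHES instance."""
    meta = json.loads(meta_json)
    version = meta.get("installed_version")
    if version is None:
        # Not a GHES build that reports its version (github.com omits the field).
        return "unknown"
    return assess(version)


def fetch_meta(base_url, timeout=10):
    """Fetch /api/v3/meta from a live instance (network access; not used below)."""
    url = f"{base_url.rstrip('/')}/api/v3/meta"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response for an offline run, not captured from a real instance.
SAMPLE_META = '{"verifiable_password_authentication": false, "installed_version": "3.12.7"}'

if __name__ == "__main__":
    for v in ("3.10.15", "3.10.16", "3.12.7", "3.13.3", "3.14.0"):
        print(f"{v}: {assess(v)}")
    print("sample /meta:", assess_meta(SAMPLE_META))
    # For a real instance: print(assess_meta(fetch_meta("https://ghes.example.internal")))
```

The comparison is done per branch rather than against a single "latest" version because GHES back-ports fixes to each supported release line: a 3.10.16 instance is patched even though it is numerically older than an unpatched 3.13.2.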

Qualys Detection

Qualys customers can scan their devices with QID 380373 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3
