Critical GitHub Enterprise Server admin privilege vulnerability

Date of Publish: 22nd Aug, 2024

Severity: Critical

Affected versions

  • GHES 3.13.0 to 3.13.2, 3.10.0 to 3.10.15, 3.11.0 to 3.11.13 and 3.12.0 to 3.12.

Summary

A critical vulnerability has been reported in GitHub Enterprise Server which could allow a remote attacker to gain unauthorized access to a user account with administrator privileges and, through it, to the code hosted on the instance.

Description

A critical security flaw was found in GitHub GHES instances that use Security Assertion Markup Language (SAML) for single sign-on authentication. The flaw affects SAML configurations with specific identity providers (IdPs) that use publicly exposed, signed federation metadata XML. It could allow a remote attacker to craft a SAML response that grants administrator privileges on the compromised system, giving unauthorized access to your organization's GitHub repositories.

CVE-2024-7711 and CVE-2024-6337 are covered in the fixes released by the vendor.

Recommendation/Solution

Fixed versions: GitHub Enterprise Server (GHES) versions 3.13.3, 3.10.16, 3.11.14, and 3.12.8.
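To turn the affected and fixed versions above into a repeatable check that can be run over a fleet inventory, here is an added Python example; it is not GitHub's code and not part of this advisory. It assumes the version string is in MAJOR.MINOR.PATCH form as GHES reports it, and, because the advisory's upper bound for the 3.12 branch is truncated, it treats every 3.12 release before 3.12.8 as affected, matching the pattern of the other three branches. The inventory entries are constructed sample data.

```python
"""Classify GHES version strings against this advisory's affected and
fixed ranges and report which hosts still need the patch.

Added example (not GitHub's code, not from the advisory author).
Assumption: for the 3.12 branch, whose upper bound is truncated in the
advisory, every release below the fixed version 3.12.8 is affected, the
same rule that holds for the 3.10, 3.11 and 3.13 branches.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# First patched release per branch, taken from the advisory's fixed-version list.
FIXED_VERSIONS = {
    (3, 10): (3, 10, 16),
    (3, 11): (3, 11, 14),
    (3, 12): (3, 12, 8),
    (3, 13): (3, 13, 3),
}


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def version_string(version: Version) -> str:
    """Inverse of parse_version, for human-readable reports."""
    return ".".join(str(n) for n in version)


def is_affected(text: str) -> bool:
    """True if the release belongs to a branch named in the advisory and is
    older than that branch's fixed release.  Branches the advisory does not
    list (for example 3.14.x) are reported as not affected by this advisory;
    that says nothing about their general support status."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get((version[0], version[1]))
    if fixed is None:
        return False
    return version < fixed


def recommended_fix(text: str) -> Optional[str]:
    """The release to upgrade to, or None when no upgrade is needed for this advisory."""
    if not is_affected(text):
        return None
    version = parse_version(text)
    return version_string(FIXED_VERSIONS[(version[0], version[1])])


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Run the check over (hostname, version) pairs.  Hosts that need patching
    are returned with the target release; versions that cannot be parsed are
    returned with the reason, so an inventory error is never silently treated
    as 'not affected'."""
    report = []
    for host, version in inventory:
        try:
            fix = recommended_fix(version)
        except ValueError as exc:
            report.append((host, version, f"unparseable: {exc}"))
            continue
        if fix is not None:
            report.append((host, version, f"upgrade to {fix}"))
    return report


# Constructed sample inventory; hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = [
    ("ghes-prod.example.internal", "3.13.2"),
    ("ghes-staging.example.internal", "3.13.3"),
    ("ghes-legacy.example.internal", "3.10.4"),
    ("ghes-lab.example.internal", "3.12.7"),
    ("ghes-new.example.internal", "3.14.0"),
    ("ghes-broken.example.internal", "3.13"),
]

if __name__ == "__main__":
    for host, version, action in triage(SAMPLE_INVENTORY):
        print(f"{host:35} {version:8} {action}")
```

Feed the script the version string your instances report (for example from your configuration-management inventory) rather than trusting a hand-maintained list; the unparseable branch exists precisely so that a missing or malformed entry shows up in the report instead of disappearing from it.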

CVE Details:

CVE-2024-6800 

NOTE: The information is provided on an "as is" basis, without assurance of any kind.

Revision history

  1. 22-Aug-24: advisory published. Update to version 3.13.3, 3.10.16, 3.11.14, and 3.12.8.
  2. 22-Aug-24: CVEs addressed, all three of CVE-2024-6800, CVE-2024-7711 and CVE-2024-6337.
