Github Enterprise Server: Attackers can bypass authentication
Under certain circumstances, unauthorized access to Github Enterprise Server is possible. Security updates are available.
(Image: created with AI in Bing Designer by heise online / dmk)
Admins who host Github instances themselves with Github Enterprise Server should update the underlying software promptly. Otherwise, attackers could exploit a "critical" security vulnerability.
Authentication broken
To secure servers, the patched versions 3.11.16, 3.12.10, 3.13.5 and 3.14.12 are available for download. Older release lines are no longer supported, and an upgrade is necessary in order to continue receiving security updates in the future. According to the release notes, the critical vulnerability (CVE-2024-9487) originates in the fix for a similar vulnerability (CVE-2024-4985, "critical") from May of this year.
Only instances that rely on SAML SSO for authentication are affected. In addition, the Encrypted Assertions feature must be enabled, which according to the developers is not the case by default. Attackers also need network access to the instance and a signed SAML response. If these requirements are met, attackers can bypass authentication because the certificate checks are insufficient, which makes unauthorized access possible.
Data leak possible
The developers have also closed a second vulnerability (CVE-2024-9539, "medium"). If victims click on a crafted URL, information can be leaked.
Those responsible at Github state that both vulnerabilities were submitted via the Github bug bounty program. It is currently not known whether attacks are already taking place. It also remains unclear which indicators admins can use to recognize servers that have already been compromised.
(des)