GitHub Enterprise Server, the self-hosted version of the GitHub platform, was found to have a vulnerability that allowed malicious actors to elevate their privileges to administrator.
The vulnerability, tracked as CVE-2024-6800 and rated 9.5/10 (critical), is described as an XML signature wrapping issue. It occurs when the victim uses the Security Assertion Markup Language (SAML) authentication standard with certain identity providers (IdPs).
“On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs that use signed, publicly exposed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges,” GitHub said in a security advisory.
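The class of bug described above depends on a SAML consumer trusting an element other than the one the signature actually covers. The following added example (not GitHub's fix and not code from the advisory) shows the structural pre-check a consumer can run before cryptographic verification; it assumes a deployment that expects a signed Assertion, and the sample response and its `PLACEHOLDER` signature value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def check_assertion_binding(response_xml: str) -> tuple[bool, str]:
    """Structural pre-check run before cryptographic signature verification:
    accept only a Response with exactly one Assertion whose enveloped
    ds:Signature references that Assertion's own, document-unique ID."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, f"expected exactly one Assertion, found {len(assertions)}"
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        return False, "Assertion has no ID attribute"
    # Wrapping relies on the ID resolver picking a different element than
    # the one the consumer reads, so the ID must occur exactly once.
    holders = [e for e in root.iter() if e.get("ID") == assertion_id]
    if len(holders) != 1:
        return False, f"ID {assertion_id!r} occurs {len(holders)} times"
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        return False, "Assertion carries no enveloped ds:Signature"
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return False, f"expected exactly one ds:Reference, found {len(refs)}"
    uri = refs[0].get("URI", "")
    if uri != "#" + assertion_id:
        return False, f"Reference URI {uri!r} is not the enclosing Assertion"
    return True, "assertion is bound to its own signature"


# Constructed sample, not a real IdP response; SignatureValue is a placeholder.
GOOD_RESPONSE = """<samlp:Response ID="_r1"
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

# Same document, but the signature's Reference no longer names the Assertion.
BAD_RESPONSE = GOOD_RESPONSE.replace('URI="#_a1"', 'URI="#_r1"')
```

This check rejects the document shape wrapping attacks need; the signature over the referenced element must still be verified cryptographically against the IdP's pinned certificate.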
Great reward
Patches have been made available for several versions. The first secure versions of GitHub Enterprise Server are 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
Citing data from the FOFA search engine, BleepingComputer reports that more than 36,500 instances are connected to the internet, making the attack surface relatively large. Of those servers, the majority (29,200) are located in the United States. However, it is impossible to determine how many are running vulnerable software versions. History teaches us that IT teams are rarely that diligent, and most instances will take weeks, if not months, to update to the latest version.
Still, if your organization uses GHES, don't hesitate to upgrade, as the flaw allows threat actors to take control of vulnerable endpoints.
The new platform versions also fix two additional vulnerabilities: CVE-2024-7711 and CVE-2024-6337. The first allows attackers to modify issues in public repositories, while the second allows publicly disclosing the content of issues from a private repository.
GitHub added that certain services may display error messages during setup, but the instance should still start successfully.
Via BleepingComputer