GitHub has disclosed a major security vulnerability affecting every current version of GitHub Enterprise Server (GHES). Tracked as CVE-2024-6800, it could allow an attacker to gain administrator access to an organization's server, with potentially severe consequences.
The issue was reported through GitHub's Bug Bounty program and has since been remediated; a fix is available for administrators who want to protect their systems from exploitation.
GitHub Enterprise Server is a popular self-hosted software development platform, relied on by organizations that need complete audit and security control over their code repositories. Such organizations tend to self-host on-premises more than others, often for compliance or regulatory reasons.
GHES is delivered as a virtual appliance: a custom, Linux-based application stack running on a virtual machine. CVE-2024-6800 is an XML signature wrapping vulnerability in the authentication process. It specifically affects instances that use SAML single sign-on (SSO) with certain identity providers that make their signed Federation Metadata XML publicly available.
An attacker with network access to a GitHub Enterprise Server instance that authenticates via SAML could exploit the vulnerability to create a user and log in as an administrator.
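XML signature wrapping works because a consumer verifies a signature over one element and then acts on a different one. The structural checks below, an added Python illustration that is not GitHub's code, show what a SAML consumer should enforce alongside cryptographic verification: unique IDs, exactly one Assertion, one enveloped Signature, and a Reference URI that names the element being trusted. The sample responses, the element IDs and the subject names are constructed; the actual cryptographic verification against the identity provider's metadata certificate is assumed to be done by a dedicated library and is not shown.

```python
"""Structural checks that make a SAML consumer resistant to XML signature
wrapping. Added illustration only, not GitHub's code; the samples below are
constructed and the element IDs are invented. A real service provider runs
these checks together with a signature library that actually verifies the
ds:Signature against the identity provider's metadata certificate; that
cryptographic step is assumed, not shown here."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _tag(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


class SamlValidationError(Exception):
    pass


def select_signed_assertion(response_xml):
    """Return the one Assertion the signature covers, or raise on anything
    that looks like a wrapping attempt."""
    root = ET.fromstring(response_xml)
    if root.tag != _tag("samlp", "Response"):
        raise SamlValidationError("root element is not samlp:Response")

    # IDs must be unique: a duplicated ID is how a wrapped element is made to
    # resolve to the same URI reference as the signed one.
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise SamlValidationError("duplicate ID attributes")

    # Exactly one Assertion anywhere in the tree, not just among direct children.
    assertions = list(root.iter(_tag("saml", "Assertion")))
    if len(assertions) != 1:
        raise SamlValidationError("expected 1 Assertion, found %d" % len(assertions))
    assertion = assertions[0]

    # Exactly one Signature, enveloped directly in the Response or the Assertion.
    signatures = list(root.iter(_tag("ds", "Signature")))
    if len(signatures) != 1:
        raise SamlValidationError("expected 1 Signature, found %d" % len(signatures))
    signature = signatures[0]
    signed_element = next(p for p in root.iter() if signature in list(p))
    if signed_element not in (root, assertion):
        raise SamlValidationError("Signature is not enveloped in Response or Assertion")

    # The Reference URI must name the element that encloses the Signature; that
    # ties the verified bytes to the element about to be trusted.
    ref = signature.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI", "").lstrip("#") != signed_element.get("ID"):
        raise SamlValidationError("Reference URI does not point at the enclosing element")
    return assertion


def accepted_subject(response_xml):
    """NameID a service provider may trust, or None when the response is rejected."""
    try:
        assertion = select_signed_assertion(response_xml)
    except (SamlValidationError, ET.ParseError):
        return None
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    return None if name_id is None else name_id.text


_HEAD = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1">'
         % (NS["samlp"], NS["saml"], NS["ds"]))
_SIGNED = ('<saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo>'
           '<ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>'
           '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>')

# Constructed: a well-formed response carrying one signed assertion.
SAMPLE_OK = _HEAD + _SIGNED + "</samlp:Response>"
# Constructed: the signed assertion left intact (so its signature still verifies)
# with an unsigned assertion for another subject placed in front of it. A consumer
# that naively takes the first Assertion it finds is the weakness these checks close.
SAMPLE_WRAPPED = (_HEAD
                  + '<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>mallory'
                    '</saml:NameID></saml:Subject></saml:Assertion>'
                  + _SIGNED + "</samlp:Response>")
# Constructed: the same layout, but the injected assertion reuses the signed ID.
SAMPLE_DUP_ID = SAMPLE_WRAPPED.replace('ID="_a2"', 'ID="_a1"')

if __name__ == "__main__":
    for label, xml in (("ok", SAMPLE_OK), ("wrapped", SAMPLE_WRAPPED), ("dup-id", SAMPLE_DUP_ID)):
        print(label, "->", accepted_subject(xml))
```

The order of the checks matters: the consumer first decides which single element it will trust, then confirms that the signature's reference points at exactly that element, and only then hands it to the signature library. Selecting the assertion by position or by the first matching tag, and verifying the signature separately, is the pattern that wrapping exploits.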
Organizations running GitHub Enterprise Server with SAML SSO authentication should upgrade to one of the patched versions below to secure their systems:
3.13.3
3.12.8
3.11.14
3.10.16
Organizations currently running the 3.10 release line should be aware that it leaves support after August 29, 2024, after which it will no longer receive bug fixes or security patches. They are advised to plan an upgrade to a supported release line.
GitHub has not provided any mitigations or workarounds for this issue, and stresses the importance of updating as soon as possible.
CVE-2024-6800 underlines the need to keep GitHub Enterprise Server instances up to date, especially when they use SAML SSO authentication. Since all of an organization's repositories run on whichever appliance version is deployed, the most important lesson is to treat security patches with urgency and apply them quickly. We highly recommend that organizations upgrade their GHES instances as soon as possible.
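An administrator with several appliances wants a quick way to tell which are below the fixed patch level, which are exposed through SAML SSO, and which sit on a release line that has left support. The following Python helper is an added example, not a GitHub tool; it encodes the four fixed versions and the 3.10 support cutoff stated above, and the hostnames, versions and SSO settings in the inventory are constructed sample data.

```python
"""Patch-level audit for CVE-2024-6800 (added example, not a GitHub tool).

FIXED_IN records, per affected GHES release line, the first patch level the
advisory names as fixed; END_OF_SUPPORT records the 3.10 line's support cutoff.
The inventory at the bottom is constructed sample data."""
from datetime import date
from typing import NamedTuple, Optional

FIXED_IN = {(3, 13): (3, 13, 3), (3, 12): (3, 12, 8),
            (3, 11): (3, 11, 14), (3, 10): (3, 10, 16)}
END_OF_SUPPORT = {(3, 10): date(2024, 8, 29)}


class Assessment(NamedTuple):
    vulnerable: Optional[bool]  # True: below fix with SAML SSO on; None: line not in advisory
    upgrade_to: Optional[str]   # nearest fixed build on the same line, if any
    supported: bool             # release line still receives security patches


def parse_version(text):
    """'3.12.7' -> (3, 12, 7); rejects anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised GHES version: %r" % text)
    return tuple(int(p) for p in parts)


def assess(version, saml_sso, today):
    """Assess one instance given its version, whether SAML SSO is enabled,
    and the date of the audit (a support cutoff is a date comparison)."""
    v = parse_version(version)
    line = v[:2]
    if line not in FIXED_IN:
        # Release lines not listed in the advisory get no fix from it; the only
        # action is to move to a listed, supported line.
        return Assessment(vulnerable=None, upgrade_to=None, supported=False)
    eos = END_OF_SUPPORT.get(line)
    supported = eos is None or today <= eos
    fixed = FIXED_IN[line]
    below_fix = v < fixed
    return Assessment(vulnerable=saml_sso and below_fix,
                      upgrade_to=".".join(map(str, fixed)) if below_fix else None,
                      supported=supported)


def audit(inventory, today):
    """Return (host, Assessment) for each (host, version, saml_sso) entry."""
    return [(host, assess(ver, sso, today)) for host, ver, sso in inventory]


# Constructed inventory: hostnames, versions and SSO settings are sample data.
INVENTORY = [
    ("ghes-prod.example.internal", "3.12.7", True),
    ("ghes-dev.example.internal", "3.13.3", True),
    ("ghes-legacy.example.internal", "3.10.15", True),
    ("ghes-lab.example.internal", "3.11.2", False),
]

if __name__ == "__main__":
    # The audit date is a constructed value for the sample run.
    for host, result in audit(INVENTORY, date(2024, 9, 2)):
        print(host, result)
```

An instance without SAML SSO is reported as not vulnerable to this CVE but still gets an `upgrade_to` target, since being below the fixed patch level is worth closing regardless; an instance on 3.10 audited after the cutoff is flagged both for the patch and for the unsupported line.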
GitHub Enterprise Server is the self-managed version of GitHub's software development platform, designed for organizations that want direct control over their own code repositories, most commonly for compliance or security reasons.
The bug discussed here, CVE-2024-6800, is an XML signature wrapping vulnerability in GitHub Enterprise Server that allows attackers to bypass SAML SSO authentication.
All organizations running GitHub Enterprise Server with SAML single sign-on through the affected identity providers, and that have publicly exposed their signed federation metadata XML, are affected.
New versions that fix this vulnerability have been released: GitHub Enterprise Server 3.13.3, 3.12.8, 3.11.14 and 3.10.16 are available for download now to protect your instance against these kinds of attacks.
Version 3.10 will reach end-of-life on August 29, 2024, after which it will no longer receive security updates or patches. Upgrading to a newer version is highly recommended.
KnowTechNews is your go-to source for the latest in technology. From breaking news and gadget reviews to in-depth insights and industry trends, we bring you everything you need to stay informed.