GitHub has announced updates to correct a trio of security vulnerabilities within its Enterprise Server, notably including a critical flaw that could potentially allow an attacker to acquire site administrator rights.
The most severe issue, tracked as CVE-2024-6800, carries a CVSS score of 9.5. GitHub explained in its advisory that on GitHub Enterprise Server instances using SAML single sign-on (SSO) with certain Identity Providers (IdPs) that expose signed federation metadata XML publicly, an attacker could craft a SAML response that either provisions a new administrator account or elevates an existing account to administrator.
Additionally, the Microsoft-owned subsidiary has rectified two medium-severity issues:
- CVE-2024-7711 (CVSS score: 5.3) — An incorrect authorization flaw that could permit unauthorized alterations to issue titles, assignees, and labels within any public repository.
- CVE-2024-6337 (CVSS score: 5.9) — Another incorrect authorization issue that could allow unauthorized access to issue contents within a private repository via a GitHub App with limited permissions.
These vulnerabilities have been addressed in the latest patches for GHES versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
Organizations running a vulnerable version of self-hosted GHES are strongly encouraged to upgrade to one of these patched releases.
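A defender-side check, added here as an example and not part of GitHub's advisory or tooling: it classifies a GHES version string (assumed to come from the `installed_version` field of the instance's `/api/v3/meta` endpoint, or from the management console) against the patched releases listed above.

```python
"""Classify a GitHub Enterprise Server version against the releases that fix
CVE-2024-6800, CVE-2024-7711 and CVE-2024-6337 (added example, not GitHub code)."""
from typing import Tuple

# Minimum patched release per supported minor branch, as stated in the advisory.
FIXED_RELEASES = {
    (3, 13): (3, 13, 3),
    (3, 12): (3, 12, 8),
    (3, 11): (3, 11, 14),
    (3, 10): (3, 10, 16),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a 'major.minor.patch' string such as '3.12.7' into a tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable', 'unsupported' or 'newer'."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED_RELEASES:
        return "patched" if version >= FIXED_RELEASES[branch] else "vulnerable"
    # Branches older than 3.10 received no fix in this advisory; treat them as
    # unsupported, which for planning purposes means still exposed.
    if branch < min(FIXED_RELEASES):
        return "unsupported"
    # Branches newer than 3.13 are not covered by the advisory text (assumption:
    # flag them for manual review rather than guessing either way).
    return "newer"


if __name__ == "__main__":
    # Constructed sample values, e.g. as read from several instances' /api/v3/meta.
    for sample in ["3.13.3", "3.12.7", "3.11.14", "3.9.20", "3.14.0"]:
        print(f"{sample:>8}: {assess(sample)}")
```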
Earlier in May, GitHub had also patched a separate critical security flaw (CVE-2024-4985, CVSS score: 10.0) that could allow unauthorized access to an instance without the need for prior authentication.