GitHub has rolled out security updates to resolve two vulnerabilities in GitHub Enterprise Server, one of which poses a critical security threat by potentially allowing attackers to bypass authentication mechanisms and gain unauthorized access.
The most serious of these, CVE-2024-9487, has been given a CVSS score of 9.5, indicating a critical risk level. This flaw occurs within the platform’s SAML SSO (Single Sign-On) authentication system and stems from improper cryptographic signature verification. As a result, the vulnerability could allow attackers to bypass SAML SSO authentication, enabling the unauthorized provisioning of users and unauthorized access to the GitHub instance. However, exploitation requires several specific conditions to be met:
- The “encrypted assertions” feature must be active on the GitHub Enterprise Server.
- The attacker needs direct network access to the server.
- The attacker must possess a legitimate signed SAML response or metadata document.
Even though these requirements narrow the attack surface, organizations using SAML SSO with encrypted assertions are strongly advised to update their GitHub Enterprise Server immediately.
The second vulnerability, rated as medium severity, involves malicious URLs embedded in SVG graphics. Exploiting this flaw could allow an attacker to extract information about a victim who clicks the embedded link, potentially exposing sensitive metadata, which the attacker could then use to build a convincing phishing page. This attack chain is more involved: the attacker must first upload the malicious SVGs to the server and then convince the victim to click the embedded link.
Both vulnerabilities impact all versions of GitHub Enterprise Server released before version 3.15. To address these issues, GitHub has published updates in the following versions:
- 3.11.16
- 3.12.10
- 3.13.5
- 3.14.2
GitHub urges all GitHub Enterprise Server users to update to one of these patched versions as soon as possible to mitigate potential security risks.
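As an added example (not GitHub's own tooling), the following Python helper turns the version boundaries stated above into a fleet triage check: it parses a GHES version string, decides per release series whether it predates the listed patch, and names the in-series upgrade target. The fixed releases and the "before 3.15" boundary are taken from the advisory text; the hostnames and versions in the demo inventory are constructed.

```python
"""Triage helper for the GitHub Enterprise Server advisory described above.

Added example, not GitHub's own tooling. The fixed releases (3.11.16, 3.12.10,
3.13.5, 3.14.2) and the "every release before 3.15 is affected" boundary come
from the advisory text; the inventory used in the demo is constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

Series = Tuple[int, int]

# Earliest patched point release in each affected series, per the advisory.
FIXED_PATCH: Dict[Series, int] = {
    (3, 11): 16,
    (3, 12): 10,
    (3, 13): 5,
    (3, 14): 2,
}

# Releases from this series onward were never affected.
FIRST_UNAFFECTED_SERIES: Series = (3, 15)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'X.Y.Z' or 'vX.Y' (a missing patch level counts as 0) into ints.

    Anything else is rejected loudly rather than silently treated as safe.
    """
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"not a GHES version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_vulnerable(version: str) -> bool:
    """True if this release is affected by CVE-2024-9487 and the SVG issue."""
    major, minor, patch = parse_version(version)
    series: Series = (major, minor)
    if series >= FIRST_UNAFFECTED_SERIES:
        return False          # 3.15 and later never shipped the bugs
    fixed = FIXED_PATCH.get(series)
    if fixed is None:
        return True           # series with no listed fix: every release is affected
    return patch < fixed      # the patched point release and later are clean


def recommended_upgrade(version: str) -> Optional[str]:
    """Smallest in-series release that closes the issues, or None.

    None means either "already patched" or "the advisory lists no fix for
    this series" (anything older than 3.11); callers must treat the latter
    as a pending major upgrade, not as safe.
    """
    if not is_vulnerable(version):
        return None
    major, minor, _ = parse_version(version)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return None
    return f"{major}.{minor}.{fixed}"


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (host, version, upgrade target) for every vulnerable entry, sorted by host."""
    findings = []
    for host, version in sorted(inventory.items()):
        if is_vulnerable(version):
            findings.append((host, version, recommended_upgrade(version)))
    return findings


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    fleet = {
        "ghes-prod.example.internal": "3.14.1",
        "ghes-staging.example.internal": "3.14.2",
        "ghes-legacy.example.internal": "3.10.7",
        "ghes-new.example.internal": "3.15.0",
    }
    for host, version, target in triage(fleet):
        action = f"upgrade to {target}" if target else "no in-series fix listed; plan a major upgrade"
        print(f"{host}: {version} is affected -> {action}")
```

The comparison is done per release series rather than as a flat version ordering on purpose: 3.13.5 is patched even though it sorts below 3.14.1, which is not, so a naive "greater than 3.14.2" test would misclassify every supported series but one.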