GitHub has rolled out security fixes to address a critical authentication bypass issue, tracked as CVE-2024-4985 (CVSS score: 10.0), in the GitHub Enterprise Server (GHES).
“On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges,” reads the advisory published by the company. “Please note that encrypted assertions are not enabled by default. Instances not utilizing SAML SSO or utilizing SAML SSO authentication without encrypted assertions are not impacted. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication.”
The company pointed out that encrypted assertions are not enabled by default and that the vulnerability only affects instances that use SAML single sign-on (SSO) authentication with encrypted assertions enabled; instances that do not use SAML SSO, or that use SAML SSO without encrypted assertions, are not impacted. Encrypted assertions are a security measure that encrypts the assertions the SAML identity provider (IdP) sends to the service provider during SAML SSO.
Pierluigi Paganini
(SecurityAffairs – hacking, GitHub Enterprise Server)