Article Details
Scrape Timestamp (UTC): 2024-05-21 15:03:07.428
Original Article Text
GitHub warns of SAML auth bypass flaw in Enterprise Server

GitHub has fixed a maximum-severity (CVSS v4 score: 10.0) authentication bypass vulnerability, tracked as CVE-2024-4986, that affects GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO). Exploiting the flaw would allow an attacker to forge a SAML response and obtain administrator privileges, giving unrestricted access to all of the instance's contents without any prior authentication.

GHES is the self-hosted edition of GitHub, aimed at organizations that prefer to keep repositories on their own servers or in a private cloud. It caters to large enterprises and development teams that need tighter control over their assets, organizations handling sensitive or proprietary data, those with high-performance requirements, and users who need offline access.

The flaw, reported through GitHub's Bug Bounty program, only affects instances that use SAML SSO with the optional encrypted assertions feature, which encrypts the assertion so that its contents cannot be read if the SAML response is intercepted in transit (a man-in-the-middle scenario). Because encrypted assertions are not enabled by default on GHES, CVE-2024-4986 only affects instances whose administrators have turned the feature on.

The vulnerability is fixed in GHES versions 3.12.4, 3.11.10, 3.10.12 and 3.9.15, all released on May 20, 2024. Known issues with the update include:

Despite those issues, anyone running the vulnerable configuration (SAML SSO with encrypted assertions) should immediately upgrade to a fixed GHES version rather than switch encrypted assertions off, which would give up the interception protection the feature provides.
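As an added example (not GitHub's code and not part of the original article), the following Python helper turns the advisory's two conditions into a triage check: an instance needs the fix only if it runs SAML SSO with encrypted assertions and its installed version is below the fixed release for its minor line. The fixed versions are taken from the text above; the version-string format (optionally prefixed with "v", with any suffix after the third number treated as a pre-release that sorts below the final release) and the three action labels are assumptions of this example.

```python
"""Triage helper for CVE-2024-4986 (GitHub Enterprise Server SAML auth bypass).

Added example, not GitHub's own code. Decides whether a GHES instance needs
the May 20, 2024 fix from two inputs: the installed version string and whether
SAML SSO with encrypted assertions is enabled.
"""
from __future__ import annotations

# Fixed releases per minor line, as listed in the advisory. The fourth element
# marks a final release (1) versus a pre-release (0) so tuples compare directly.
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int, int]] = {
    (3, 12): (3, 12, 4, 1),
    (3, 11): (3, 11, 10, 1),
    (3, 10): (3, 10, 12, 1),
    (3, 9): (3, 9, 15, 1),
}


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Parse 'major.minor.patch[-suffix]' into a comparable tuple.

    Assumption of this example: an optional leading 'v' is ignored and any
    suffix after the patch number (e.g. '-rc1') denotes a pre-release, which
    sorts below the final release of the same number.
    """
    text = version.strip()
    if text.startswith("v"):
        text = text[1:]
    core, sep, _suffix = text.partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch, 0 if sep else 1)


def fix_for_line(version: tuple[int, int, int, int]) -> tuple[int, int, int, int] | None:
    """Return the fixed release for this version's minor line, or None when the
    advisory lists no fix for that line (older lines must move to a fixed line)."""
    return FIXED_VERSIONS.get((version[0], version[1]))


def assess(version: str, saml_sso: bool, encrypted_assertions: bool) -> dict:
    """Classify an instance against CVE-2024-4986.

    Returns:
      vulnerable_config: SAML SSO with encrypted assertions is enabled
      patched:           installed version is at or above its line's fixed release
      action:            'none' (not exposed to this CVE), 'upgrade' (move to the
                         fixed release of the same line), or 'upgrade_line'
                         (no fixed release listed for this line; move to one that has one)
    """
    installed = parse_version(version)
    fixed = fix_for_line(installed)
    vulnerable_config = saml_sso and encrypted_assertions
    patched = fixed is not None and installed >= fixed

    if not vulnerable_config or patched:
        action = "none"
    elif fixed is None:
        action = "upgrade_line"
    else:
        action = "upgrade"

    return {
        "version": installed,
        "fixed_version": fixed,
        "vulnerable_config": vulnerable_config,
        "patched": patched,
        "action": action,
    }


if __name__ == "__main__":
    # Constructed sample inventory (version, SAML SSO on, encrypted assertions on).
    inventory = [
        ("3.12.3", True, True),   # exposed, fix available in the 3.12 line
        ("3.12.4", True, True),   # already on the fixed release
        ("3.12.4-rc1", True, True),  # pre-release, below the fixed release
        ("3.8.20", True, True),   # line with no listed fix
        ("3.11.9", True, False),  # SAML without encrypted assertions: not exposed
    ]
    for ver, sso, enc in inventory:
        result = assess(ver, sso, enc)
        print(f"{ver:12} sso={sso!s:5} enc={enc!s:5} -> {result['action']}")
```

The action applies to this CVE only; an instance classified as "none" because it does not use encrypted assertions may still be behind on other fixes and should follow the normal upgrade cadence.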
Daily Brief Summary
GitHub has patched a critical vulnerability in its Enterprise Server, identified as CVE-2024-4986, with a CVSS v4 rating of 10.0.
The flaw affects instances that use Security Assertion Markup Language (SAML) single sign-on (SSO) with encrypted assertions.
Attackers could exploit the vulnerability to forge a SAML response, allowing unauthorized administrative access to the server's contents.
The vulnerability affects only GitHub Enterprise Server (GHES) instances on which encrypted assertions have been enabled; the feature is off by default.
GHES is aimed at large enterprises or teams requiring enhanced control over data, including those managing sensitive information or needing offline access.
Fixed releases 3.12.4, 3.11.10, 3.10.12 and 3.9.15 were published on May 20, 2024 to address the issue.
Instances using the vulnerable configuration should urgently upgrade to a secure version to mitigate risk.