GitHub Enterprise Server has a critical security flaw, so patch now

Newly-discovered flaw allows hackers to elevate privileges

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

GitHub Enterprise Server, the self-hosted version of the GitHub platform, was found carrying a vulnerability that allowed malicious actors to elevate their privileges to admin.

The vulnerability, tracked as CVE-2024-6800, and has a severity rating of 9.5/10 (critical), is described as an XML signature wrapping issue. It happens when the victim uses the Security Assertion Markup Language (SAML)authenticationstandard, with certain ID providers.

“On GitHub Enterprise Server instances that use SAML single sign-on (SSO) authentication with specific IdPs utilizing publicly exposed signed federation metadata XML, an attacker could forge a SAML response to provision and/or gain access to a user account with site administrator privileges,” GitHub said in a security advisory.

Big bounty

Patches are available for multiple versions, it was added. The earliest secure versions of GitHub Enterprise Server are 3.13.3, 3.12.8, 3.11.14, and 3.10.16.

Citing data from the FOFA search engine,BleepingComputerclaims that there are more than 36,500 internet-connected instances, making the attack surface relatively large. Of those servers, the majority (29,200) is sitting in the United States. However, it is impossible to determine how many are running vulnerable software versions. History teaches us that IT teams are rarely that diligent, and that it will take weeks, if not months, for the majority of instances to upgrade to the latest version.

Still, if your organization is running GHES, don’t hesitate with the update, since the flaw allows threat actors to take over vulnerable endpoints.

The new versions of the platform also fix two additional vulnerabilities: CVE-2024-7711, and CVE-2024-6337. The former allows attackers to modify issues on public repositories, while the latter allows publicly disclosing issue content from a private repository.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

GitHub added that certain services might display error messages during configuration, but the instance should still start properly.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case