GitHub Enterprise Server Vulnerability Grants Admin Rights Without Authentication

Alongside the latest updates for GitHub Enterprise Server, versions 3.12.4, 3.11.10, 3.10.12, and 3.9.15, a critical security vulnerability has been disclosed. The vulnerability, tracked as CVE-2024-4985, allows an attacker to obtain site administrator rights without authenticating.

The issue specifically affects configurations that use SAML single sign-on (SSO) together with the optional "Encrypted Assertions" feature, under which the identity provider encrypts the SAML assertions it sends. This mode is disabled by default, but it can be enabled as an extra security measure under "Settings/Authentication/Require Encrypted Assertions". Instances that do not use SAML SSO, or that use SAML SSO without encrypted assertions, are not affected.

With a severity rating of 10 out of 10 (CVSS), the vulnerability poses a significant threat. Notably, exploitation does not require an existing account on the instance. While specific attack details have not been disclosed, the attack is reported to involve a forged SAML response. The vulnerability was discovered through GitHub's bug bounty program, which rewards researchers for identifying security flaws.

Sources: reports, release notes, official announcements.