GitHub Fixes Critical Enterprise Server Vulnerability

On August 20, GitHub released updates that fix three vulnerabilities in GitHub Enterprise Server (GHES), including one critical flaw that allowed attackers to gain site administrator privileges.

The most serious vulnerability, tracked as CVE-2024-6800, received a CVSS score of 9.5. It affects GHES instances that use SAML authentication with certain identity providers (IdPs) whose federation metadata XML files are publicly accessible. By manipulating the SAML response, an attacker could obtain site administrator privileges.

GitHub also fixed two medium-severity vulnerabilities. The first, CVE-2024-7711 (CVSS 5.3), is an incorrect-authorization flaw that allows attackers to change the assignees and labels of any issue in a public repository. The second, CVE-2024-6337 (CVSS 5.9), is also an incorrect-authorization flaw; it grants access to the contents of issues in private repositories by leveraging a GitHub App's read and pull-request write privileges.

All three vulnerabilities are fixed in GHES versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.

Earlier, in May, GitHub fixed another critical vulnerability (CVE-2024-4985) with the maximum CVSS score of 10.0, which allowed unauthorized access to the server without prior authentication.

Organizations using vulnerable versions of GHES are strongly advised to update to the latest version to safeguard against potential security threats.
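A quick way to triage an estate of GHES instances against the fixed releases named above, written as an added example for this article (it is not GitHub's code or tooling); the hostnames and version strings in the sample inventory are constructed, and release lines the advisory does not list are reported as "unlisted" rather than guessed at.

```python
import re

# Fixed releases named in the advisory for CVE-2024-6800, CVE-2024-7711 and
# CVE-2024-6337, keyed by release line (major, minor).
FIXED_RELEASES = {
    (3, 13): (3, 13, 3),
    (3, 12): (3, 12, 8),
    (3, 11): (3, 11, 14),
    (3, 10): (3, 10, 16),
}

# Strict form: optional leading "v", then three dotted integers and nothing else,
# so a pre-release or build suffix is rejected instead of silently ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn '3.12.8' or 'v3.12.8' into (3, 12, 8); raise ValueError otherwise."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(version_text):
    """Classify one GHES version as 'patched', 'vulnerable' or 'unlisted'."""
    version = parse_version(version_text)
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        # Not one of the four lines the advisory covers: the advisory says
        # nothing about it, so report that instead of assuming it is safe.
        return "unlisted"
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """Map each host in {hostname: version} to its status."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {
        "ghes-prod.example.internal": "3.12.7",
        "ghes-dr.example.internal": "v3.13.3",
        "ghes-lab.example.internal": "3.9.12",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Feed it the version reported by each instance's management console or the `/api/v3/meta` endpoint's `installed_version` field, and raise anything marked "vulnerable" or "unlisted" for follow-up.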

Sources: reports, release notes, official announcements.