GitHub Enterprise Server Vulnerability Allow Attackers to Gain Admin Access

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

The latest update to GitHub Enterprise Server, version 3.13.3, addressed a critical vulnerability (CVE-2024-6800), allowing attackers to forge SAML responses and gain unauthorized access.

Enterprise Server 3.13.3 introduces several enhancements aimed at improving user experience and system management

Users can now view the app state of gists, networks, and wikis directly in the spokesctl info output, providing greater visibility into these elements.

Additionally, the spokesctl check feature has been upgraded to diagnose and, in many cases, automatically fix issues with empty repository networks, streamlining network management.

Critical Security Fixes Address Vulnerabilities

Security remains a top priority in this release, with several critical and medium-level vulnerabilities addressed:

Critical SAML Vulnerability (CVE-2024-6800):

A significant security vulnerability (CVE-2024-6800) was identified in GitHub Enterprise Server instances using SAML single sign-on (SSO) authentication with specific identity providers (IdPs).

This vulnerability could allow attackers to forge a SAML response to gain unauthorized access to user accounts with site administrator privileges. This issue was reported through the GitHub Bug Bounty program and has been patched.

Medium-Level Vulnerabilities:

  • CVE-2024-7711: An attacker could modify the title, assignees, and labels of issues in public repositories.
  • CVE-2024-6337: An attacker could disclose issue contents from private repositories using a GitHub App with specific permissions. Both vulnerabilities were reported via the GitHub Bug Bounty program and have been addressed.

Bug Fixes Improve System Stability

The update also includes numerous bug fixes to enhance system stability and performance:

  • Configuration and Upgrade Issues: Problems such as unnecessary configuration runs during hotpatching and race conditions blocking upgrade activities have been resolved.
  • Log Management and Data Migration: Improvements have been made to log management, including the rotation of configuration logs and resolving issues with audit log data migration on instances using legacy Elasticsearch directories.
  • GitHub Actions and Service Management: Fixes address issues with GitHub Actions, such as failed MS SQL and MySQL replication due to insufficient wait times, and incorrect rendering of images in issues opened in the Projects side panel.

Despite the comprehensive fixes, some known issues persist. During configuration runs, certain services may receive a “No such object” error, although they should still start correctly.

Instances with the HTTP X-Forwarded-For header configured may experience anomalies where client IP addresses are logged incorrectly.

Additionally, restoring clusters from a backup requires specific procedures, and memory utilization may increase post-upgrade, potentially causing service interruptions during high-traffic periods.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial