August 22, 2024Ravie LakshmananBusiness Software / Vulnerability

GitHub has released fixes for a set of three security vulnerabilities affecting its Enterprise Server product, including a critical bug that could be exploited to gain site administrator privileges.

The most serious flaw has been assigned the CVE identifier CVE-2024-6800 and a CVSS score of 9.5.

“On GitHub Enterprise Server instances using SAML single sign-on (SSO) authentication with specific IdPs using publicly accessible signed federation metadata XML, an attacker can forge a SAML response to provision and/or gain access to a user account with site administrator privileges,” GitHub said in an advisory.

The Microsoft subsidiary also addressed two medium severity bugs:

• CVE-2024-7711 (CVSS score: 5.3) – An improper authorization vulnerability that could allow an attacker to update the title, assignments, and labels of an issue in a public repository.

• CVE-2024-6337 (CVSS score: 5.9) – An improper authorization vulnerability that could allow an attacker to access the contents of an issue in a private repository using a GitHub app with only content: read and pull request: write permissions.

All three security vulnerabilities have been fixed in GHES versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16.

In May, GitHub also patched a critical security vulnerability (CVE-2024-4985, CVSS score: 10.0) that allowed unauthorized access to an instance without requiring prior authentication.

Organizations using a vulnerable self-hosted version of GHES are strongly advised to update to the latest version to protect themselves from potential security risks.