May 21, 2024 at 11:07AM
GitHub has patched a critical authentication bypass vulnerability (CVE-2024-4986) in GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO), allowing attackers to gain admin privileges and unrestricted access to instance contents. The flaw only affects instances using SAML SSO with encrypted assertions. The fixed versions, released on May 20, come with known issues. Users of the vulnerable configuration are advised to upgrade immediately.
Certainly! From the meeting notes, we can deduce the following key points:
1. GitHub Enterprise Server (GHES) had a severe authentication bypass vulnerability (CVE-2024-4986) impacting instances using SAML single sign-on (SSO) authentication.
2. Exploiting the flaw allowed threat actors to gain administrator privileges without requiring any authentication, potentially leading to unrestricted access to the instance’s contents.
3. The vulnerability only affected instances using SAML SSO with encrypted assertions, an optional feature for data protection.
4. The flaw was submitted to GitHub’s Bug Bounty program and has been fixed in GHES versions 3.12.4, 3.11.10, 3.10.12, and 3.9.15, all released on May 20.
5. Known issues with the update include firewall rules being wiped, errors during configuration validation for Notebook and Viewscreen services, and the Management Console root admin account not unlocking automatically after lockout, among others.
6. GitHub provided specific fixes for some of the issues, and users running the vulnerable configuration should immediately move to a patched GHES version.
These takeaways summarize the key information from the meeting notes. Let me know if you need further details or additional insights!
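As an added defensive check, written for this page and not taken from the advisory or from GitHub: a small Python triage helper that compares an instance's reported version against the fixed releases listed above and flags only hosts configured with SAML SSO plus encrypted assertions. The inventory records, hostnames and field names are constructed for illustration; branches the advisory does not list are reported as unknown rather than assumed safe.

```python
import re
from typing import Optional

# Fixed versions named in the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple:
    """Parse a dotted GHES version such as '3.11.9' into (major, minor, patch)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def needs_upgrade(version: str) -> Optional[bool]:
    """True if below the fixed release for its branch, False if at or above it,
    None if the branch is not one the advisory lists (status unknown)."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def exposed(version: str, saml_sso: bool, encrypted_assertions: bool) -> Optional[bool]:
    """Only SAML SSO with encrypted assertions on an unpatched version matches
    the affected configuration; any other SSO setup is out of scope."""
    if not (saml_sso and encrypted_assertions):
        return False
    return needs_upgrade(version)


# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE_INVENTORY = [
    {"host": "ghes-a.example", "version": "3.11.9", "saml_sso": True, "encrypted_assertions": True},
    {"host": "ghes-b.example", "version": "3.11.10", "saml_sso": True, "encrypted_assertions": True},
    {"host": "ghes-c.example", "version": "3.10.11", "saml_sso": True, "encrypted_assertions": False},
    {"host": "ghes-d.example", "version": "3.13.0", "saml_sso": True, "encrypted_assertions": True},
]


def triage(inventory) -> tuple:
    """Return (hosts to upgrade now, hosts on a branch the advisory does not cover)."""
    affected, unknown = [], []
    for h in inventory:
        status = exposed(h["version"], h["saml_sso"], h["encrypted_assertions"])
        if status is True:
            affected.append(h["host"])
        elif status is None:
            unknown.append(h["host"])
    return affected, unknown
```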