Critical GitHub Flaw: Admin Access at Risk (CVE-2024-6800)
On August 20, 2024, GitHub released updates for GitHub Enterprise Server (GHES) that address three security vulnerabilities, including a critical flaw that could allow an attacker to gain site administrator privileges.
The most severe vulnerability, CVE-2024-6800, received a CVSS score of 9.5. It is an XML signature wrapping issue in the SAML authentication flow and affects GHES instances that use SAML single sign-on with certain identity providers (IdPs) whose signed XML federation metadata is publicly accessible. In that configuration, an attacker could forge a SAML response and provision, or gain access to, a user account with site administrator privileges. Instances that do not use SAML authentication are not exposed to this issue.
GitHub also addressed two medium-severity vulnerabilities. The first, CVE-2024-7711 (CVSS 5.3), is an improper authorization flaw that allows an attacker to modify the title, assignees, and labels of any issue in a public repository. The second, CVE-2024-6337 (CVSS 5.9), is also an improper authorization flaw: it allows the contents of issues in a private repository to be disclosed through a GitHub App that holds only "contents: read" and "pull requests: write" permissions.
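The advisory describes the critical issue only as a forged SAML response. What makes such forgeries work in practice is XML signature wrapping: a genuinely signed assertion is kept somewhere in the document so that the signature still verifies, while a second, unsigned assertion is placed where the service provider reads the identity from. The structural pre-check below is an added illustration of how a SAML consumer can refuse those document shapes before trusting any signature; it is not GitHub's code, and the policy it enforces (exactly one Assertion, directly under the Response, carrying exactly one enveloped Signature whose Reference covers that Assertion's ID) is an assumption chosen here, not GHES's actual validation logic. The three sample responses are constructed, with placeholder signature values, and real deployments must still verify the signature cryptographically (for example with xmlsec or python3-saml).

```python
"""Structural pre-check of a SAML response against XML signature wrapping.

Added illustration, not GitHub's code. The shape rules are an assumption
chosen for this example; cryptographic signature verification is still
required and is not performed here.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def check_saml_response(xml_text: str) -> tuple[bool, str]:
    """Return (ok, detail): the NameID to trust on success, else the reason."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, "root element is not samlp:Response"

    # Wrapping attacks smuggle a second Assertion (the genuinely signed one)
    # into the document; insist on exactly one, directly under the Response.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return False, f"expected exactly 1 Assertion, found {len(assertions)}"
    assertion = assertions[0]
    if assertion not in list(root):
        return False, "Assertion is not a direct child of the Response"

    # Exactly one enveloped Signature, sitting directly inside that Assertion.
    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        return False, f"expected exactly 1 Signature, found {len(signatures)}"
    signature = signatures[0]
    if signature not in list(assertion):
        return False, "Signature is not a direct child of the Assertion"

    # The signed Reference must point at the ID of the Assertion we consume;
    # a valid signature over some other element proves nothing about it.
    refs = signature.findall("./ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return False, f"expected exactly 1 Reference, found {len(refs)}"
    uri = refs[0].get("URI", "")
    if uri != "#" + assertion.get("ID", ""):
        return False, f"Reference URI {uri!r} does not cover the consumed Assertion"

    return True, assertion.findtext("./saml:Subject/saml:NameID", default="", namespaces=NS)


# --- Constructed sample responses (signature values are placeholders) -------
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp">')

# Well-formed: one assertion, enveloped signature whose Reference covers it.
GOOD_RESPONSE = _HEAD + """
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Classic wrapping shape: the signed assertion (_a1) is hidden inside ds:Object
# and an unsigned assertion naming a privileged user sits where a naive parser
# reads the identity from.
WRAPPED_RESPONSE = _HEAD + """
  <saml:Assertion ID="_forged">
    <saml:Subject><saml:NameID>site-admin@example.com</saml:NameID></saml:Subject>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
      <ds:Object>
        <saml:Assertion ID="_a1">
          <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
        </saml:Assertion>
      </ds:Object>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

# One assertion, but the signed Reference covers a different ID.
MISMATCH_RESPONSE = _HEAD + """
  <saml:Assertion ID="_a2">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>bob@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
```

Calling `check_saml_response(GOOD_RESPONSE)` yields `(True, "alice@example.com")`, while the wrapped sample is rejected for carrying two assertions and the mismatched one for a Reference that does not cover the consumed assertion. The order of the checks matters: the assertion count and placement are tested before anything about the signature is read, so an attacker cannot steer which element the later checks inspect.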
All three vulnerabilities were patched in GHES versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
Previously, in May 2024, GitHub fixed another critical SAML-related vulnerability, CVE-2024-4985, with the maximum CVSS score of 10.0. It allowed an attacker to bypass authentication entirely and gain site administrator access on instances using SAML single sign-on with the optional encrypted assertions feature enabled.
Organizations running vulnerable versions of GHES are strongly advised to update to a patched release. Instances that do not use SAML are not exposed to CVE-2024-6800, but the two authorization flaws apply regardless of the authentication method, so every supported release line should be updated.
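When auditing a fleet of GHES instances against this advisory, the question is not "is the version new" but "is it at or above the fix for its own release line". The helper below, an added example rather than GitHub tooling, encodes the patched versions listed above and applies that per-line comparison. Two policies in it are assumptions: a release line newer than those listed (3.14 and later) is treated as carrying the fixes, and anything older than 3.10 is treated as unpatched because it received no fix in this batch. The inventory in the usage note is constructed.

```python
"""Check installed GHES versions against the August 20, 2024 fixed releases.

Added helper, not GitHub's tooling. Fixed versions are taken from the
advisory; treatment of release lines outside that list is an assumption.
"""

# (major, minor) release line -> first version of that line carrying the fixes
PATCHED = {
    (3, 13): (3, 13, 3),
    (3, 12): (3, 12, 8),
    (3, 11): (3, 11, 14),
    (3, 10): (3, 10, 16),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a GHES version such as "3.12.7"; tolerate a leading "v" and whitespace."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_patched(version: str) -> bool:
    """True if the version is at or above the fix for its release line."""
    v = parse_version(version)
    fixed = PATCHED.get(v[:2])
    if fixed is None:
        # Assumption: lines newer than the listed ones (3.14+) include the fixes;
        # lines older than 3.10 are out of support and received none.
        return v[:2] > max(PATCHED)
    return v >= fixed


def needing_update(inventory: dict[str, str]) -> list[str]:
    """Hostnames whose reported version still lacks the fixes, sorted."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> version reported by the instance.
    fleet = {"ghes-a": "3.13.2", "ghes-b": "3.12.8", "ghes-c": "3.9.20", "ghes-d": "v3.14.0"}
    for host in needing_update(fleet):
        print(f"{host}: {fleet[host]} needs updating")
```

Run against the constructed inventory, the script reports `ghes-a` (3.13.2 is one patch level short of 3.13.3) and `ghes-c` (the 3.9 line received no fix), while 3.12.8 and 3.14.0 pass.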