authentication bypass (CVE-2024-4985) #shorts #breaking

CVE

This CVE relates to an authentication bypass vulnerability published on May 20, 2024. It is not a zero-day vulnerability. Attackers can exploit this flaw by manipulating unknown data to forge a SAML response, allowing them to gain unauthorized site administrator access. The vulnerability affects GitHub Enterprise Server versions 3.9.14 and below, 3.10.11 and below, 3.11.9 and below, and 3.12.3 and below. While it is unknown who has been attacked so far, all users of GitHub Enterprise Server using affected versions should be aware of this security issue.

Watch the full video on YouTube: CVE-2024-4985

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-4985
Description
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.
Provider
GitHub_P
CWE / problem types
CWE-303: Incorrect Implementation of Authentication Algorithm
Affected Software Versions
GitHub:Enterprise Server:[{'changes': [{'at': '3.9.15', 'status': 'unaffected'}], 'lessThanOrEqual': '3.9.14', 'status': 'affected', 'version': '3.9.0', 'versionType': 'semver'}, {'changes': [{'at': '3.10.12', 'status': 'unaffected'}], 'lessThanOrEqual': '3.10.11', 'status': 'affected', 'version': '3.10.0', 'versionType': 'semver'}, {'changes': [{'at': '3.11.10', 'status': 'unaffected'}], 'lessThanOrEqual': '3.11.9', 'status': 'affected', 'version': '3.11.0', 'versionType': 'semver'}, {'changes': [{'at': '3.12.4', 'status': 'unaffected'}], 'lessThanOrEqual': '3.12.3', 'status': 'affected', 'version': '3.12.0', 'versionType': 'semver'}, {'status': 'unaffected', 'version': '3.13.0'}]
Date Published
2024-05-20T21:17:27.315Z
Last Updated
2024-08-01T20:55:10.505Z