CVE-2024-9487 is a security vulnerability found in GitHub Enterprise Server that allows unauthorized access to user accounts when Single Sign-On (SSO) authentication with SAML is used. This issue affects all versions prior to 3.15 and could allow attackers to bypass login protections and obtain sensitive data. GitHub has released security updates in the most recent versions of the software.
| Product | GitHub Enterprise Server |
| Date | 2024-10-14 11:41:26 |
| Information |
|
Technical Summary
This vulnerability in GitHub Enterprise Server could allow attackers to bypass the authentication process by exploiting how the system verifies user identities. If an organization has enabled Single Sign-On (SSO) with SAML and has encrypted security features active, an attacker with specific network tools could deceive the system into creating or accessing accounts without proper authorization. This could lead to the exposure of sensitive corporate information. GitHub has fixed the issue in updated versions, but all versions prior to 3.15 remain vulnerable.
Recommendations
- Patch GitHub Enterprise Server: Ensure you update GitHub Enterprise Server to one of the following patched versions: 3.11.16, 3.12.10, 3.13.5, 3.14.2, or later.
- Verify SAML configuration: Check your SAML SSO settings and ensure that the “encrypted assertions” feature is enabled only if strictly necessary, as it increases the attack surface.
[Callforaction-THREAT-Footer]
