PT-2024-5050 · Github · Github Enterprise Server

Imre Rad · Published 2024-05-20 · Updated 2025-08-27 · CVE-2024-4985

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/R:U/V:C/RE:M/U:Red
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server, all versions prior to 3.13.0. On the supported release branches the issue is fixed in 3.9.15, 3.10.12, 3.11.10 and 3.12.4, so the affected releases are 3.9.x before 3.9.15, 3.10.x before 3.10.12, 3.11.x before 3.11.10, 3.12.x before 3.12.4, and every release on older branches, which received no patch.
Description: An authentication bypass vulnerability was present in GitHub Enterprise Server when SAML single sign-on was configured with the optional encrypted assertions feature. An unauthenticated attacker who can reach the instance's SAML endpoint could forge a SAML response to provision a user with site administrator privileges and/or sign in as one, gaining full control of the instance without any prior authentication. Encrypted assertions are not enabled by default: instances that do not use SAML single sign-on, or that use SAML without encrypted assertions, are not affected. The number of potentially affected instances worldwide is not specified, and no real-world exploitation of this issue has been reported.
Recommendations: Upgrade to GitHub Enterprise Server 3.13.0 or later, or to the patched release for the branch in use: 3.9.15, 3.10.12, 3.11.10 or 3.12.4. Instances already running one of those releases, or 3.13.0 or later, need no further action. Until the instance can be upgraded, disable the encrypted assertions option in the SAML single sign-on configuration, since the vulnerability is only reachable with that option enabled; if SAML cannot be reconfigured, restrict network access to the instance's authentication endpoints to the identity provider and trusted networks. Because a successful attack provisions or takes over a site administrator account, review the list of site administrators on any instance that ran an affected release with encrypted assertions enabled.
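The following version triage helper is an added example, not code from this advisory or from GitHub. It encodes the fixed releases listed above and reports whether a given GitHub Enterprise Server release is affected and whether a SAML configuration makes it exploitable. The sample inventory at the bottom is constructed; the hostnames and versions are placeholders. Reading the installed version is outside the script (on the appliance `ghe-version` prints it, and the `installed_version` field of `GET /api/v3/meta` exposes it over HTTP; both are assumed from GitHub's documentation, not from this page).

```python
"""Affected-version triage for CVE-2024-4985 in GitHub Enterprise Server.

Added example, not code from the advisory or from GitHub. It encodes the
versions the advisory lists: affected prior to 3.13.0, fixed in 3.9.15,
3.10.12, 3.11.10 and 3.12.4. Releases on an older branch that received no
patch (for example 3.8.x) are treated as affected, since they are prior to
3.13.0 and were never fixed.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Lowest fixed release on each patched branch, taken from the advisory.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
FIRST_UNAFFECTED_LINE: Version = (3, 13, 0)  # 3.13.0 and later never had the bug


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' (optional leading 'v', optional '-suffix' such as '-rc1')
    into (major, minor, patch). A missing patch component counts as 0."""
    core = text.strip().lstrip("vV").split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a GHES version string: {text!r}")
    nums = [int(p) for p in parts] + [0]
    return nums[0], nums[1], nums[2]


def is_affected_version(version: str) -> bool:
    """True if this release contains the vulnerable code."""
    v = parse_version(version)
    if v >= FIRST_UNAFFECTED_LINE:
        return False
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return True  # pre-3.9 branch: affected, no patch published
    return v < fixed


def is_exposed(version: str, encrypted_assertions: Optional[bool] = None) -> bool:
    """True if the instance is exploitable.

    encrypted_assertions: False when you have confirmed the instance does not
    use SAML SSO with encrypted assertions (the advisory limits the issue to
    that configuration); None means unknown, so the version alone decides.
    """
    if encrypted_assertions is False:
        return False
    return is_affected_version(version)


def remediation(version: str, encrypted_assertions: Optional[bool] = None) -> str:
    """One-line advice matching the advisory's recommendations."""
    v = parse_version(version)
    if not is_affected_version(version):
        return f"{version}: not affected, no action required"
    fixed = FIXED_BY_BRANCH.get(v[:2])
    target = ".".join(map(str, fixed)) if fixed else "3.13.0"
    advice = f"{version}: affected, upgrade to {target} or later"
    if encrypted_assertions is False:
        advice += " (not currently exposed: encrypted assertions disabled)"
    elif encrypted_assertions is None:
        advice += "; until then disable SAML encrypted assertions if in use"
    return advice


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are placeholders.
    inventory = {
        "ghes-prod": ("3.12.3", True),
        "ghes-dr": ("3.11.10", None),
        "ghes-lab": ("v3.8.20", False),
    }
    for host, (ver, enc) in inventory.items():
        print(host, remediation(ver, enc))
```

The branch table is the point of the example: a plain "older than 3.13.0" comparison would flag 3.12.4 and 3.9.15 as vulnerable even though they carry the fix, while a naive "newer than 3.12.4" comparison would clear 3.9.14. Treat `is_exposed(..., False)` as a deferral, not a closure; the code is still vulnerable until the release is upgraded.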

Related Identifiers

BDU:2024-05577
CVE-2024-4985

Affected Products

Github Enterprise Server