CRITICAL🇵🇱 Wersja polska

CVE-2024-4985

CVSS 10.0v4.0pub. 2024-05-20upd. 2025-08-27

An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program.

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of SAML verification mechanism (CWE-303 — incorrect implementation of authentication algorithm) in the optional SAML SSO encrypted assertions feature. An attacker can craft (forge) a SAML response that will be accepted by the server as valid. Based on such a response, the system creates or grants access to a user account with site administrator privileges for the entire instance. The attack is possible remotely, without requiring any credentials.

Impact

An attacker can gain full administrative access to a GitHub Enterprise Server instance without authentication, which in practice means unlimited control over repositories, users, data, and system configuration.

Mitigation & patch

Update GitHub Enterprise Server to version 3.9.15, 3.10.12, 3.11.10, or 3.12.4 (depending on the branch in use). As an immediate remedial measure, consider disabling the optional SAML encrypted assertions feature until the patch is deployed.

Who is affected

All versions of GitHub Enterprise Server earlier than 3.13.0 using SAML SSO with encrypted assertions feature enabled.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Red
  • GitHub Enterprise Server

    APP
    Github
    < 3.9.153.10.0 – 3.10.12 (bez)3.11.0 – 3.11.10 (bez)3.12.0 – 3.12.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-9312CRITICAL9.2ten sam produkt

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an ...

CVE-2024-9487CRITICAL9.5PL ✓ten sam produkt

Obejście uwierzytelniania SAML SSO w GitHub Enterprise Server

CVE-2024-6800CRITICAL9.5PL ✓ten sam produkt

XML Signature Wrapping w GitHub Enterprise Server — fałszowanie SAML

CVE-2024-2443CRITICAL9.1PL ✓ten sam produkt

Command injection w GitHub Enterprise Server — eskalacja do admina SSH

CVE-2024-1369CRITICAL9.1PL ✓ten sam produkt

Command injection w GitHub Enterprise Server — przejęcie dostępu SSH admina