ByteOS Network

Vulnerability Details :

CVE-2024-9487

Assigner Org ID-82327ea3-741d-41e4-88f8-2cf9e791e760

Published At-10 Oct, 2024 | 21:08

Updated At-11 Oct, 2024 | 15:34

An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_P

Assigner Org ID:82327ea3-741d-41e4-88f8-2cf9e791e760

Published At:10 Oct, 2024 | 21:08

Updated At:11 Oct, 2024 | 15:34

▼CVE Numbering Authority (CNA)

An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled

Affected Products

Vendor

GitHub, Inc.

Product

Enterprise Server

Default Status

affected

Versions

Affected

From 3.11.0 through 3.11.15 (semver)
- -> unaffectedfrom3.11.16
From 3.12.0 through 3.12.9 (semver)
- -> unaffectedfrom3.12.10
From 3.13.0 through 3.13.4 (semver)
- -> unaffectedfrom3.13.5
From 3.14.0 through 3.14.1 (semver)
- -> unaffectedfrom3.14.2

Problem Types

Type	CWE ID	Description
CWE	CWE-347	CWE-347 Improper Verification of Cryptographic Signature

Type: CWE

CWE ID: CWE-347

Description: CWE-347 Improper Verification of Cryptographic Signature

Metrics

Version	Base score	Base severity	Vector
4.0	9.5	CRITICAL	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/R:U/V:C/RE:M/U:Red

Version: 4.0

Base score: 9.5

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/R:U/V:C/RE:M/U:Red

Impacts

CAPEC ID	Description
CAPEC-115	CAPEC-115 Authentication Bypass

CAPEC ID: CAPEC-115

Description: CAPEC-115 Authentication Bypass

Credits

finder

SecureSAML.com

References

Hyperlink	Resource
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16	release-notes
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10	release-notes
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5	release-notes
https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2	release-notes

Hyperlink: https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16

Resource:

release-notes

Hyperlink: https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10

Resource:

release-notes

Hyperlink: https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5

Resource:

release-notes

Hyperlink: https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.2

Resource:

release-notes

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Vendor

GitHub, Inc.

Product

enterprise_server

CPEs

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Default Status

affected

Versions

Affected

From 3.11.0 through 3.11.15 (semver)
From 3.12.0 through 3.12.9 (semver)
From 3.13.0 through 3.13.4 (semver)
From 3.14.0 through 3.14.1 (semver)

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-cna@github.com

Published At:10 Oct, 2024 | 22:15

Updated At:15 Nov, 2024 | 16:57

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.5	CRITICAL	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Red
Primary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 4.0

Base score: 9.5

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:C/RE:M/U:Red

Type: Primary

Version: 3.1

Base score: 9.1

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CPE Matches

GitHub, Inc.

>>enterprise_server>>Versions before 3.11.16(exclusive)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

GitHub, Inc.

>>enterprise_server>>Versions from 3.12.0(inclusive) to 3.12.10(exclusive)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

GitHub, Inc.

>>enterprise_server>>Versions from 3.13.0(inclusive) to 3.13.5(exclusive)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

GitHub, Inc.

>>enterprise_server>>Versions from 3.14.0(inclusive) to 3.14.2(exclusive)

cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-347	Primary	nvd@nist.gov
CWE-347	Secondary	product-cna@github.com

CWE ID: CWE-347

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-347

Type: Secondary