Summary: GitHub has disclosed multiple security vulnerabilities in GitHub Enterprise Server (GHES) that could allow unauthorized access to repositories, emphasizing the need for timely updates. The most critical vulnerability, CVE-2024-6800, could enable attackers to gain site administrator privileges through a flaw in the SAML authentication mechanism.
Threat Actor: Unknown
Victim: GitHub Enterprise Server
Key Points:
- Three vulnerabilities identified: CVE-2024-6800, CVE-2024-6337, and CVE-2024-7711.
- CVE-2024-6800 has a critical CVSSv4 score of 9.5, allowing attackers to forge SAML responses for admin access.
- CVE-2024-6337 permits GitHub Apps to read private issue content, violating access controls.
- CVE-2024-7711 allows modification of issue titles and labels in public repositories, potentially disrupting workflows.
- All vulnerabilities affect GHES versions prior to 3.14 and have been patched in the latest updates.

GitHub, the world’s leading software development platform, has recently disclosed multiple security vulnerabilities in GitHub Enterprise Server (GHES) that could have allowed attackers to gain unauthorized access and manipulate repositories. These vulnerabilities, identified as CVE-2024-6800, CVE-2024-6337, and CVE-2024-7711, have now been addressed in the latest security patches, but their potential impact underscores the importance of timely updates and vigilant security practices.
The most severe vulnerability, tracked as CVE-2024-6800, carried a critical CVSSv4 score of 9.5. It resided in GHES’s SAML authentication mechanism and could be exploited by an attacker with direct network access to forge a SAML response, effectively granting themselves site administrator privileges. This essentially bypasses the entire authentication process, leaving the instance wide open to compromise.
Another flaw, CVE-2024-6337 (CVSSv4 5.9), allowed a GitHub App with limited permissions to read issue content within private repositories, a clear violation of intended access controls. While exploitation requires a user access token, it still represents a significant privacy breach.
Lastly, CVE-2024-7711 (CVSSv4 5.3) enabled attackers to modify issue titles, assignees, and labels within public repositories. Although less severe, this could disrupt workflows and cause confusion.
All vulnerabilities affected GHES versions prior to 3.14 and have been addressed in the latest security updates: 3.13.3, 3.12.8, 3.11.14, and 3.10.16. Users are strongly urged to update their installations immediately to mitigate the risk of exploitation.
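The following is an added example, not code from GitHub or from this article, showing how an administrator might check an inventory of GHES instances against the fixed releases named above. It assumes versions are reported as plain `major.minor.patch` strings (the `parse_version`, `is_patched` and `audit` helpers are hypothetical), that 3.14 and later carry the fix, and that any release line older than 3.10, for which no fixed build is listed, should be treated as unpatched.

```python
"""Assess GitHub Enterprise Server versions against the fixed releases for
CVE-2024-6800, CVE-2024-6337 and CVE-2024-7711.

Fixed builds are those named in the advisory coverage: 3.13.3, 3.12.8,
3.11.14 and 3.10.16. Release line 3.14 and newer is unaffected.
Assumption: release lines older than 3.10 have no fixed build listed and
are reported as unpatched rather than silently passed.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Minimum patched build per affected release line (from the article).
FIXED_BY_LINE: Dict[Tuple[int, int], Version] = {
    (3, 13): (3, 13, 3),
    (3, 12): (3, 12, 8),
    (3, 11): (3, 11, 14),
    (3, 10): (3, 10, 16),
}

# First release line that never shipped the vulnerable code.
FIRST_UNAFFECTED_LINE = (3, 14)


def parse_version(text: str) -> Version:
    """Turn '3.13.2' (or 'v3.13.2') into a comparable (major, minor, patch) tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_patched(version: str) -> bool:
    """True if this build contains the fixes for all three CVEs."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line >= FIRST_UNAFFECTED_LINE:
        return True
    fixed = FIXED_BY_LINE.get(line)
    if fixed is None:
        # Older than 3.10: no fixed build listed, so treat as unpatched
        # (assumption, see module docstring).
        return False
    return (major, minor, patch) >= fixed


def required_update(version: str) -> str:
    """Name the minimum build an unpatched instance should move to."""
    major, minor, _ = parse_version(version)
    fixed = FIXED_BY_LINE.get((major, minor))
    if fixed is None:
        # No in-line fix available: the only listed path is a supported line.
        return "upgrade to a supported release line (3.10.16 or later)"
    return ".".join(str(n) for n in fixed)


def audit(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (hostname, version, status) for every instance in the inventory."""
    report = []
    for host, version in sorted(inventory.items()):
        if is_patched(version):
            status = "patched"
        else:
            status = f"UNPATCHED - update to {required_update(version)}"
        report.append((host, version, status))
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample_inventory = {
        "ghes-prod.example.internal": "3.13.2",
        "ghes-staging.example.internal": "3.13.3",
        "ghes-legacy.example.internal": "3.9.20",
        "ghes-new.example.internal": "3.14.0",
    }
    for host, version, status in audit(sample_inventory):
        print(f"{host:35} {version:8} {status}")
```

Running the block prints one line per instance; only builds at or above the listed fix for their release line, or on 3.14 and later, are reported as patched.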
For more information and detailed instructions on applying the necessary patches, users should refer to the official GitHub security advisories [1,2,3,4].