CVE-2024-6800

moderate-risk

Published 2024-08-20

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.

Do I need to act?

3.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Enterprise Server

Affected Vendors

Github

References (4)

Release Notes https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16

Release Notes https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14

Release Notes https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8

Release Notes https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 6/34 · Minimal

Exposure 5/34 · Minimal