CVERadar

CVE-2024-4985

Severity: Medium
SVRS: 36/100
CVSSv3: NA/10
EPSS: 0.0043/1

CVE-2024-4985 is a critical authentication bypass in GitHub Enterprise Server (GHES). It is reachable only on instances that use SAML single sign-on with the optional encrypted assertions feature enabled; encrypted assertions are off by default, and instances without SAML SSO, or with SAML SSO but unencrypted assertions, are not affected. On an exposed instance, an attacker who can reach the SAML endpoint can forge a SAML response and obtain a site administrator session without any prior authentication, which amounts to full control of the instance and every repository on it. GitHub fixed the flaw in GHES 3.9.15, 3.10.12, 3.11.10 and 3.12.4; 3.13.0 and later are not affected. The SVRS of 36 shown on this page is low, but the outcome of a successful exploit (complete compromise, data exposure, service disruption) makes patching a high priority for any instance that has encrypted assertions turned on.
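The page does not describe the internal cause of the bug, and GitHub has not published one; what it does establish is the shape of the attack, a SAML response carrying an encrypted assertion that the server accepts as if the IdP had issued it. The Go program below is an added example, not GitHub's code and not a reproduction of CVE-2024-4985. It models a SAML service provider handling an EncryptedAssertion with standard-library crypto: RSA-OAEP key wrapping plus AES-GCM stand in for XML Encryption, ed25519 stands in for XML Signature, and the plaintext layout (64-byte signature followed by the claims) is this example's own convention. The point it demonstrates is why decrypting an assertion proves nothing about who sent it: the encryption key is the SP's public key, which anyone can obtain, so an attacker can produce an encrypted assertion naming themselves site_admin, and only a signature check against the trusted IdP's key on the decrypted claims rejects it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedAssertion models SAML's EncryptedAssertion: an AES content key
// wrapped to the SP's RSA public key (OAEP) and the assertion sealed under it
// (GCM). Plaintext layout is this example's own convention: a 64-byte ed25519
// signature followed by the claims it covers.
type EncryptedAssertion struct {
	WrappedKey, Nonce, Ciphertext []byte
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}

// gcmFor cannot fail for a 32-byte key, so the errors are dropped.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Sign lays out signature||claims. Which key signs is the whole question.
func Sign(k ed25519.PrivateKey, claims string) []byte {
	return append(ed25519.Sign(k, []byte(claims)), claims...)
}

// EncryptToSP needs only the SP's public key, which the IdP has and which
// anyone who fetched the SP's metadata has too.
func EncryptToSP(spPub *rsa.PublicKey, plaintext []byte) (*EncryptedAssertion, error) {
	key := randBytes(32)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, key, nil)
	if err != nil { return nil, err }
	nonce := randBytes(12)
	return &EncryptedAssertion{wrapped, nonce, gcmFor(key).Seal(nil, nonce, plaintext, nil)}, nil
}

func decrypt(spPriv *rsa.PrivateKey, ea *EncryptedAssertion) (sig, claims []byte, err error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, spPriv, ea.WrappedKey, nil)
	if err != nil { return nil, nil, err }
	pt, err := gcmFor(key).Open(nil, ea.Nonce, ea.Ciphertext, nil)
	if err != nil || len(pt) < ed25519.SignatureSize {
		return nil, nil, errors.New("decryption failed or plaintext too short")
	}
	return pt[:ed25519.SignatureSize], pt[ed25519.SignatureSize:], nil
}

// VulnerableSP takes "it decrypted under my key" as proof the IdP sent it.
func VulnerableSP(spPriv *rsa.PrivateKey, ea *EncryptedAssertion) (string, error) {
	_, claims, err := decrypt(spPriv, ea)
	return string(claims), err
}

// HardenedSP decrypts for confidentiality only, then insists on the trusted
// IdP's signature over the decrypted claims before acting on them.
func HardenedSP(spPriv *rsa.PrivateKey, idpPub ed25519.PublicKey, ea *EncryptedAssertion) (string, error) {
	sig, claims, err := decrypt(spPriv, ea)
	if err != nil { return "", err }
	if !ed25519.Verify(idpPub, claims, sig) { return "", errors.New("not signed by the trusted IdP") }
	return string(claims), nil
}

func accepted(claims string, err error) string {
	if err != nil { return "" }
	return claims
}

// Scenario returns what each SP accepted ("" = rejected) for a genuine IdP
// assertion and for one an attacker signed with their own key and encrypted
// using nothing but the SP's public key.
func Scenario() (map[string]string, error) {
	spPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	idpPub, idpPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	legit, _ := EncryptToSP(&spPriv.PublicKey, Sign(idpPriv, "NameID=alice;Role=member"))
	forged, _ := EncryptToSP(&spPriv.PublicKey, Sign(attackerPriv, "NameID=mallory;Role=site_admin"))
	return map[string]string{
		"legit/vulnerable":  accepted(VulnerableSP(spPriv, legit)),
		"legit/hardened":    accepted(HardenedSP(spPriv, idpPub, legit)),
		"forged/vulnerable": accepted(VulnerableSP(spPriv, forged)),
		"forged/hardened":   accepted(HardenedSP(spPriv, idpPub, forged)),
	}, nil
}

func main() {
	out, err := Scenario()
	if err != nil { panic(err) }
	fmt.Println(out)
}
```

Run it with `go run`: the vulnerable SP accepts both assertions, including the attacker's site_admin claim, while the hardened SP accepts only the IdP-signed one. The same rule applies to a real SAML stack: verify the XML signature on the Response or on the decrypted Assertion against the IdP certificate from metadata, reject unsigned material, and never let a successful decryption short-circuit that check.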

In The Wild: 2024-05-20 / 2024-05-21

SOCRadar AI Insight

Description

CVE-2024-4985 is an authentication bypass in GitHub Enterprise Server (GHES) that lets an attacker forge SAML responses and obtain site administrator privileges without prior authentication. It affects all GHES versions before 3.13.0 that use SAML SSO with the optional encrypted assertions feature enabled, and this page records it as exploited in the wild.

Key Insights

  • Severity: The SVRS of 36 places this at medium on this page's scale, but the impact is unauthenticated site administrator access, so treat it as a prompt-patch item.
  • Exploitation in the Wild: This page records the vulnerability as exploited in the wild (first seen 2024-05-20), so organizations running an affected configuration should act immediately.
  • Unauthorized Access: Exploitation yields site administrator access to the GHES instance, which exposes every repository and setting on it and allows disruption of operations.
  • Threat Actors: No specific threat actor or APT group is associated with this vulnerability in the information available here.

Mitigation Strategies

  • Update GHES: Upgrade to 3.9.15, 3.10.12, 3.11.10 or 3.12.4 (the patched release for each supported line), or to 3.13.0 or later. Confirm the installed version before and after the upgrade.
  • Disable Encrypted Assertions: Until the patch is applied, turn off the optional encrypted assertions feature in the SAML SSO configuration if your IdP setup allows it; instances using SAML SSO without encrypted assertions are not affected.
  • Multi-Factor Authentication: MFA at the identity provider does not block this attack, because a forged SAML response never passes through the IdP. Keep it enabled for general account hygiene, but do not count it as a mitigation for CVE-2024-4985.
  • Monitor for Suspicious Activity: Review the GHES audit log for unexpected site administrator sessions, newly created or promoted site administrators, and SAML logins for accounts that do not exist at the IdP, going back to when encrypted assertions were enabled.
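To turn the update and configuration advice above into a repeatable check, here is an added Go example (not GitHub's tooling). It reads the `installed_version` field that a GHES instance returns from `GET /api/v3/meta` (the field name is assumed from the GHES REST API; the sample body is constructed, not captured), compares that version with the patched release for its line using the versions listed on this page, and combines the result with the two configuration facts that decide exposure, SAML SSO and encrypted assertions, which you supply from the management console. It generalizes the page's four fixed versions into a range: lines older than 3.9 have no patched release and are treated as affected, 3.13.0 and later are not affected.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Patched release per GHES line, from the release notes referenced on this
// page. Lines older than 3.9 have no patched release; 3.13.0 and later were
// never affected.
var fixedPatch = map[string]int{"3.9": 15, "3.10": 12, "3.11": 10, "3.12": 4}

type ghesVersion struct{ major, minor, patch int }

func parseGHESVersion(s string) (ghesVersion, error) {
	parts := strings.Split(strings.TrimSpace(s), ".")
	if len(parts) != 3 {
		return ghesVersion{}, fmt.Errorf("expected major.minor.patch, got %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return ghesVersion{}, fmt.Errorf("bad component %q in %q", p, s)
		}
		n[i] = v
	}
	return ghesVersion{n[0], n[1], n[2]}, nil
}

// AffectedByCVE20244985 reports whether an installed version is in the
// vulnerable range: before 3.13.0 and below the fix for its release line.
func AffectedByCVE20244985(installed string) (bool, error) {
	v, err := parseGHESVersion(installed)
	if err != nil {
		return false, err
	}
	if v.major > 3 || (v.major == 3 && v.minor >= 13) {
		return false, nil
	}
	fix, ok := fixedPatch[fmt.Sprintf("%d.%d", v.major, v.minor)]
	if !ok {
		return true, nil // end-of-life line: no patched release within the line
	}
	return v.patch < fix, nil
}

// Exposed adds the two configuration conditions the advisory names: only
// instances using SAML SSO with encrypted assertions enabled are attackable.
func Exposed(installed string, samlSSO, encryptedAssertions bool) (bool, error) {
	affected, err := AffectedByCVE20244985(installed)
	if err != nil {
		return false, err
	}
	return affected && samlSSO && encryptedAssertions, nil
}

// InstalledVersion extracts installed_version from a GET /api/v3/meta body.
// The field name is assumed from the GHES REST API; confirm on your instance.
func InstalledVersion(body []byte) (string, error) {
	var m struct {
		InstalledVersion string `json:"installed_version"`
	}
	if err := json.Unmarshal(body, &m); err != nil {
		return "", err
	}
	if m.InstalledVersion == "" {
		return "", fmt.Errorf("no installed_version in meta response")
	}
	return m.InstalledVersion, nil
}

// sampleMeta is a constructed response body, not captured from a real instance.
const sampleMeta = `{"verifiable_password_authentication":false,"installed_version":"3.11.9"}`

func main() {
	v, err := InstalledVersion([]byte(sampleMeta))
	if err != nil {
		panic(err)
	}
	// SAML SSO and encrypted assertions are read from the management console;
	// both are assumed true here for the demonstration.
	exposed, _ := Exposed(v, true, true)
	fmt.Printf("GHES %s with SAML SSO + encrypted assertions: exposed=%v\n", v, exposed)
	for _, c := range []string{"3.11.10", "3.12.3", "3.13.0"} {
		a, _ := AffectedByCVE20244985(c)
		fmt.Printf("GHES %s: affected=%v\n", c, a)
	}
}
```

Feed it the real `/api/v3/meta` body from your instance in place of the constructed sample, and read the two configuration flags from the SAML settings rather than hard-coding them; an instance that is affected by version but has encrypted assertions off is still worth upgrading, it just is not attackable through this bug in the meantime.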

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ISC StormCast for Wednesday, May 22nd, 2024
Dr. Johannes B. Ullrich, sans.edu, 2024-05-22
Daily 5 min cyber security news summary. Topics: Shodan via nmap; iTerm2 vulns; GitHub Enterprise vuln; BitBucket secret leaks; MSFT Recall privacy.
Scanning without Scanning with nmap: https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944
iTerm2 vulnerabilities: https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
GitHub Enterprise vulnerability CVE-2024-4985: https://nvd.nist.gov/vuln/detail/CVE-2024-4985
BitBucket Pipelines leaking secrets
GitHub patches critical vulnerability in its Enterprise Servers
Christian Vasquez, cyberscoop.com, 2024-10-16
The "severe" flaw could allow attackers full access to instances. GitHub's latest Enterprise Server update fixes a critical vulnerability that allows authentication bypass for on-premise deployments, according to the company. The bug [...]
GitHub addressed a critical vulnerability in Enterprise Server
Pierluigi Paganini, securityaffairs.co, 2024-10-16
GitHub addressed a critical vulnerability in Enterprise Server that could allow unauthorized access to affected instances. Code hosting platform GitHub addressed a critical vulnerability, tracked as CVE-2024-9487 (CVSS score of 9.5), in GitHub Enterprise Server that could lead to unauthorized access to affected instances. An attacker could exploit a cryptographic signature verification flaw in GitHub Enterprise Server to bypass SAML SSO and gain unauthorized user access. The flaw is an improper verification of cryptographic signature vulnerability in GitHub Enterprise Server. [...]
Note: this item and the other 2024-10-16 entries concern CVE-2024-9487, a later GHES SAML SSO bypass that also involves the encrypted assertions feature, not CVE-2024-4985 itself.
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
Ajit Jasrotia, allhackernews.com, 2024-10-16
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVSS score of 9.5 out of a maximum of 10.0. "An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted [...]"
Data Breaches Digest - Week 21 2024
Dunkie, dbdigest.com, 2024-05-20
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th May and 26th May 2024. [...]

Social Media

  • @Sec_fortress Yup. And CVE-2024-30078, CVE-2021-44228, CVE-2024-4985, and any of them tbh.
  • GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) https://t.co/PRC2yCwtPJ https://t.co/qzzHm9caaZ
  • A critical vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances: https://t.co/ZiVrlTFFda
  • 🚨 CVE Alert: GitHub Enterprise Server (GHES) authentication bypass vulnerability Exploited In-The-Wild (CVSS 10/10)🚨 Vulnerability Details: CVE-2024-4985 (CVSS 10/10) : GitHub Enterprise Server (GHES) authentication bypass vulnerability Impact A successful exploitation of… https://t.co/uByW1nhmqh
  • GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) #PatchManagement https://t.co/gP3apPUfoR
  • #GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985): https://t.co/Bz9gmwXxav #vulnerability #cybersecurity
  • GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985): A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned… https://t.co/ZuSRK2t8Fv https://t.co/C0Vx5P0TMH
  • GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) https://t.co/Rzy2coMVEc https://t.co/4fcdM8HNR5
  • GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) - https://t.co/gsbSDq34o5 - @github #Vulnerability #SoftwareDevelopment #DevOps #SecurityUpdate #AuthBypass #CybersecurityNews #InfosecNews
  • GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) https://t.co/VA1KZtJP4E

Affected Software

GitHub Enterprise Server before 3.13.0, when configured for SAML SSO with the optional encrypted assertions feature enabled. Patched releases: 3.9.15, 3.10.12, 3.11.10, 3.12.4.

References

GHES 3.10.12 release notes: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12
GHES 3.11.10 release notes: https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10
GHES 3.12.4 release notes: https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4
GHES 3.9.15 release notes: https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15

CWE Details

CWE ID: CWE-303
CWE Name: Incorrect Implementation of Authentication Algorithm
Description: The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
