GitHub Enterprise - SAML Authentication Bypass (CVE-2024-9487)

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.

GitHub Enterprise Server中存在一项不恰当的加密签名验证漏洞，该漏洞使得SAML单点登录认证得以绕过，导致未经授权的用户被添加及对实例的访问。漏洞的利用需要启用加密断言功能，攻击者需具备直接的网络访问权限，以及已签名的SAML响应或元数据文档。此漏洞影响了所有低于3.15版本的GitHub Enterprise Server，并在3.11.16、3.12.10、3.13.5和3.14.2版本中得到修复。该漏洞通过GitHub漏洞赏金计划被报告。