An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
Metrics
Affected Vendors & Products
References
History
Mon, 30 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
Thu, 22 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program. | An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program. |
Tue, 20 Aug 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Github
Github enterprise Server |
|
CPEs | cpe:2.3:a:github:enterprise_server:-:*:*:*:*:*:*:* | |
Vendors & Products |
Github
Github enterprise Server |
|
Metrics |
ssvc
|
Tue, 20 Aug 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program. | |
Weaknesses | CWE-347 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_P
Published: 2024-08-20T19:21:31.409Z
Updated: 2024-08-22T14:18:09.305Z
Reserved: 2024-07-16T19:05:26.418Z
Link: CVE-2024-6800
Vulnrichment
Updated: 2024-08-20T20:34:50.645Z
NVD
Status : Analyzed
Published: 2024-08-20T20:15:09.910
Modified: 2024-09-30T19:14:50.430
Link: CVE-2024-6800
Redhat
No data.