GitHub has disclosed and fixed multiple security vulnerabilities affecting its Enterprise Server. These vulnerabilities, reported through the GitHub Bug Bounty program, have been addressed in various versions of the Enterprise Server,
Incorrect Authorization Vulnerability (CVE-2024-6337)
The first vulnerability, identified as CVE-2024-6337, was an Incorrect Authorization issue that allowed a GitHub App with limited permissions to read issue content inside a private repository. This vulnerability was only exploitable via a user access token and did not impact installation access tokens. The issue affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
XML Signature Wrapping Vulnerability (CVE-2024-6800)
The second vulnerability, CVE-2024-6800, was an XML signature wrapping issue that allowed an attacker to forge a SAML response and gain access to a user with site administrator privileges. This vulnerability was present in GitHub Enterprise Server when utilizing SAML authentication with specific identity providers and affected all versions prior to 3.14. The issue was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16.
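The defect class named here is one where a SAML consumer verifies a signature over one element but reads identity data from another. As an added example (not GitHub's code, and not a substitute for cryptographic verification of the signature), the following Python guard checks that the single assertion a service provider would consume is the very element the signature references; the namespaces are the standard SAML 2.0 and XML-DSig ones, and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def signed_assertion_is_consumed_one(xml_text: str) -> bool:
    """Structural guard (hypothetical helper): the one Assertion a service
    provider would consume must be the element the Signature covers.
    Cryptographic verification of the Signature still runs separately."""
    root = ET.fromstring(xml_text)
    # Exactly one Assertion, and it must sit directly under the Response.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1 or assertions[0] not in list(root):
        return False
    assertion = assertions[0]
    # IDs must be unique: duplicate IDs let an ID lookup resolve to the
    # wrong element.
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        return False
    # Exactly one Signature, enveloped in that Assertion, whose Reference
    # URI names that Assertion's own ID.
    sigs = root.findall(".//ds:Signature", NS)
    if len(sigs) != 1 or sigs[0] not in list(assertion):
        return False
    ref = sigs[0].find("ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + assertion.get("ID", "")


# Constructed sample: one assertion carrying an enveloped signature.
GOOD = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
 <saml:Assertion ID="_a1"><saml:Subject>alice</saml:Subject>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
  </ds:Signature></saml:Assertion></samlp:Response>"""

# Constructed sample the guard must reject: a second, unsigned assertion
# is read first while the signed one is moved under Extensions.
WRAPPED = GOOD.replace(
    '<saml:Assertion ID="_a1">',
    '<saml:Assertion ID="_a2"><saml:Subject>admin</saml:Subject>'
    '</saml:Assertion><samlp:Extensions><saml:Assertion ID="_a1">',
).replace("</saml:Assertion></samlp:Response>",
          "</saml:Assertion></samlp:Extensions></samlp:Response>")
```

Run the guard after XML parsing and before the assertion's subject or attributes are trusted; a False result should fail the login and be logged as a malformed response.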
Incorrect Authorization Vulnerability (CVE-2024-7711)
The third and final vulnerability, CVE-2024-7711, was another Incorrect Authorization issue that allowed an attacker to update the title, assignees, and labels of any issue inside a public repository. This vulnerability was only exploitable inside a public repository and affected GitHub Enterprise Server versions before 3.14. The issue was fixed in versions 3.13.3, 3.12.8, and 3.11.14, with the 3.10 release line unaffected.
References
https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3
https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8