WARNING: A CRITICAL VULNERABILITY IS AFFECTING GITHUB ENTERPRISE SERVER

Published: 14/11/2024

Reference:
Advisory #2024-267

Version:
1.0

Affected software:
GitHub Enterprise Server prior to version 3.15

Type:
SAML SSO authentication bypass

CVE/CVSS:
CVE-2024-9487 CVSS:9.5 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/R:U/V:C/RE:M/U:Red)

Risks

GitHub is an online software development platform used for storing, tracking, and collaborating on software projects.

Firstly, the source code stored in GitHub often contains proprietary or business-sensitive data, so securing these assets is a priority.

Secondly, repositories can also contain sensitive developer-centric data such as API keys, private keys, OAuth IDs and intellectual property (such as source code). Exposure of this content could result in privacy breaches, compromised confidential data and other forms of abuse.

The present vulnerability has a HIGH impact on Confidentiality and Integrity. Lastly, a PoC exploit was published, making exploitation of this vulnerability by attackers even easier.

Description

An improper verification of cryptographic signature vulnerability in GitHub Enterprise Server allows SAML SSO authentication to be bypassed, resulting in unauthorized provisioning of users and access to the instance.

Exploitation requires the encrypted assertions feature to be enabled, and requires the attacker to have direct network access to the instance as well as a signed SAML response or metadata document.

Recommended Actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory. 
 
Monitor/Detect
 
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate a historic compromise.
