GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability

GitHub has launched Enterprise Server 3.13.3, addressing a number of safety vulnerabilities, together with a important flaw affecting cases utilizing SAML single sign-on. 

Alongside safety patches, the replace delivers bug fixes, minor characteristic enhancements, and modifications to the platform.

Essentially the most urgent problem tackled by this replace is a important vulnerability (CVE-2024-6800) impacting cases using SAML SSO with particular Id Suppliers (IdPs).

CVE-2024-6800 was found via GitHub’s Bug Bounty programme and will permit an attacker to forge a SAML response, doubtlessly granting them entry to person accounts with web site administrator privileges.

This launch additionally addresses two medium-severity vulnerabilities:

• CVE-2024-7711: This vulnerability allowed attackers to change the title, assignees, and labels of points inside public repositories. Non-public and inner repositories remained unaffected.
• CVE-2024-6337: Attackers may exploit this vulnerability to show problem content material from non-public repositories utilizing a GitHub App with particular learn and write permissions. It’s necessary to notice that this exploit required a person entry token and didn’t influence set up entry tokens.

Past safety fixes, 3.13.3 brings a number of notable modifications:

• Enhanced visibility: Customers achieve elevated visibility into the state of gists, networks, and wikis with the addition of app state info throughout the spokesctl data output. Moreover, the spokesctl test command can now diagnose and infrequently rectify empty repository networks.
• Improved stability and efficiency: A number of bug fixes goal points associated to hotpatching, configuration updates, and database migrations, leading to improved system stability.
• Usability enhancements: Directors profit from extra granular management over the utmost object measurement inside repositories. Customers can now customise their hyperlink underline styling preferences throughout the accessibility settings.

Whereas this replace enhances safety and stability, GitHub acknowledges a number of recognized points outlined throughout the official launch notes. These embody potential errors throughout configuration runs, points with audit log information migration, and elevated reminiscence utilisation.

To evaluate the total record of modifications, please seek advice from the official launch notes on GitHub’s web site.

(Picture by Roman Synkevych)

See additionally: Unit 42 researchers uncover important GitHub Actions vulnerability

Need to be taught extra about cybersecurity and the cloud from trade leaders? Try Cyber Safety & Cloud Expo going down in Amsterdam, California, and London. The great occasion is co-located with different main occasions together with BlockX, Digital Transformation Week, IoT Tech Expo, and AI & Large Information Expo.

Discover different upcoming enterprise know-how occasions and webinars powered by TechForge right here.

Tags: coding, cybersecurity, improvement, enterprise server, git, github, infosec, programming, safety, vulnerability