Critical Security Advisory Issued for the GitHub Enterprise Server

Published on October 19, 2024
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor

GitHub has released an urgent security advisory concerning a critical vulnerability identified as CVE-2024-9487, which affects multiple versions of GitHub Enterprise Server (GHES). Given a CVSS score of 9.5, the vulnerability is deemed critical and requires immediate action from affected users.

The vulnerability allows attackers to bypass SAML Single Sign-On (SSO) authentication, which could result in unauthorized user provisioning and access to sensitive GitHub instances. Exploiting this vulnerability requires attackers to have the encrypted assertions feature enabled, direct network access, and a signed SAML response or metadata document. 

The potential consequences include unauthorized access to source code, sensitive project data, and developer credentials, which could lead to data breaches and development pipeline sabotage.

Organizations utilizing GHES to manage their infrastructure, security, and compliance are particularly at risk. Failure to patch these vulnerabilities promptly may also lead to regulatory penalties, especially in industries with stringent data protection and cybersecurity regulations.

To mitigate the risks associated with this vulnerability, organizations should follow these best practices:

In July, a network of GitHub accounts called Stargazers Ghost Network was observed distributing malware or malicious links via north of 3,000 accounts used for malware distribution that mostly focuses on infostealers. This Distribution-as-a-Service is operated and maintained by the Stargazer Goblin threat actor.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: