CVE-2024-9487 PoC — GitHub Enterprise Server 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-9487.yaml

Associated Vulnerability

Title:GitHub Enterprise Server 安全漏洞 (CVE-2024-9487)
Description:GitHub Enterprise Server是美国GitHub开源的一个应用软件。提供一个将自己的GitHub实例设置为虚拟设备，从而提供可扩展，易于管理的平台。 GitHub Enterprise Server存在安全漏洞，该漏洞源于存在加密签名验证不当的漏洞，允许绕过身份验证，从而导致未经授权的用户配置和实例访问。

Description

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program.

File Snapshot


 id: CVE-2024-9487

info:
  name: GitHub Enterprise - SAML Authentication Bypass
  author: iamnoooob,

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!