GitHub Enterprise Server
cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*
- < 3.21
A vulnerability allowing an OAuth redirect URI validation bypass has been identified in GitHub Enterprise Server. This issue affects all versions prior to 3.21. The root cause is an incorrect regular expression used to validate the redirect URI against the OAuth application's registered callback URL, which lets an attacker manipulate the OAuth authorization flow. An attacker who knows the target application's registered callback URL can craft a malicious authorization link whose redirect_uri passes the flawed check but points at an attacker-controlled domain; a victim who follows the link and approves the request has their authorization code delivered to that domain.
Exploitation of this vulnerability could result in unauthorized access to the victim's account within the scopes granted to the OAuth application, including private repositories and other resources those scopes cover.
This issue is fixed in GitHub Enterprise Server 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21 and 3.14.26; upgrade to the patched release on your release line.