Critical vulnerability in GitLab: passwordless login is available to every hacker

The identified flaw received the highest possible CVSS score.

GitLab has released updates to address a critical vulnerability in its Community Edition (CE) and Enterprise Edition (EE) that could lead to authentication bypass. The issue stems from the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) and allows an attacker to log in as an arbitrary user.

The root cause of the vulnerability is incorrect verification of the SAML response signature. SAML (Security Assertion Markup Language) is a protocol that enables single sign-on (SSO) and the exchange of authentication and authorization data between applications and websites.

Experts noted that an attacker with access to signed SAML documents can forge a SAML response with absolutely any content. This opens up the possibility of logging in as an arbitrary user.

The vulnerability also affects the omniauth-saml library, for which version 2.2.1 was released to upgrade ruby-saml to version 1.17.0. The fixes are included in GitLab versions 17.3.3, 17.2.7, 17.1.8, 17.0.8 and 16.11.10.
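For operators of other Ruby applications that pull in these gems, the following added example (not GitLab's or ruby-saml's own code) reads a Gemfile.lock and reports any pin below the fixed versions named above; the lockfile contents are constructed for illustration.

```ruby
require "rubygems"

# Fixed versions named in the advisory: ruby-saml 1.17.0, omniauth-saml 2.2.1.
FIXED_VERSIONS = {
  "ruby-saml"     => Gem::Version.new("1.17.0"),
  "omniauth-saml" => Gem::Version.new("2.2.1"),
}.freeze

# Parse the resolved "specs:" entries of a Gemfile.lock into { name => Gem::Version }.
# Resolved gems are indented by exactly four spaces ("    ruby-saml (1.16.0)");
# deeper-indented lines are dependency constraints and are skipped.
def lockfile_versions(lock_text)
  versions = {}
  lock_text.each_line do |line|
    m = line.match(/\A {4}(?<name>[^\s(]+) \((?<ver>[^)]+)\)\s*\z/)
    next unless m
    versions[m[:name]] = Gem::Version.new(m[:ver])
  end
  versions
end

# Return [gem, installed, fixed] for every tracked gem pinned below its fixed version.
def vulnerable_gems(lock_text)
  installed = lockfile_versions(lock_text)
  FIXED_VERSIONS.filter_map do |name, fixed|
    ver = installed[name]
    [name, ver.to_s, fixed.to_s] if ver && ver < fixed
  end
end

# Constructed sample lockfile (not from any real project) with both gems still unpatched.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth (2.1.2)
        hashie (>= 3.4.6)
      omniauth-saml (2.1.0)
        omniauth (~> 2.1)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

if __FILE__ == $0
  vulnerable_gems(SAMPLE_LOCK).each do |name, have, need|
    puts "#{name} #{have} is below fixed version #{need}"
  end
end
```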

As a precaution, GitLab recommends that users enable two-factor authentication (2FA) for all accounts and disable the ability to bypass 2FA via SAML.

Although no confirmed cases of exploitation have been reported, the company has published indicators of possible attacks that point to attempts by attackers to exploit this vulnerability to gain access to vulnerable GitLab systems.

Successful attempts to exploit the vulnerability will be recorded in the logs associated with SAML events, while unsuccessful attempts can cause validation errors in the RubySaml library.
