GitLab update for omniauth-saml and ruby-saml

Updated: 2024-10-11
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-45409
CWE-ID CWE-347
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
GitLab Enterprise Edition
Universal components / Libraries / Software for developers

GitLab Community Edition
Universal components / Libraries / Software for developers

Vendor GitLab, Inc

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper verification of cryptographic signature

EUVDB-ID: #VU97454

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-45409

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass SAML authentication.

The vulnerability exists because the library does not properly verify the signature of the SAML Response. A remote, unauthenticated attacker who holds any SAML document signed by the IdP can forge a SAML Response/Assertion with arbitrary contents, bypass the authentication process and log in to an arbitrary account within the application.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected application.
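The following Ruby example is added here to show the class of flaw behind CWE-347 in a SAML verifier; it is not code from ruby-saml, omniauth-saml or GitLab and does not reproduce the library's actual code path. It builds an IdP-signed Response, forges a second Response from it (the "any signed SAML document" precondition above), and runs both through a vulnerable verifier and a hardened one. The specific mistake modelled (an XPath beginning with // evaluated from an element context, which REXML resolves from the document root), the element layout, the placement of the reused SignedInfo in samlp:Extensions and the simplified canonicalisation (REXML re-serialisation instead of exclusive C14N) are assumptions of the example; the IdP key is generated at run time and all documents are constructed inline.

```ruby
# Added illustration of CWE-347 in an XML-DSig/SAML verifier. Not ruby-saml or
# GitLab code: names, layout and the simplified canonicalisation are assumptions.
require "openssl"
require "rexml/document"

DS    = "http://www.w3.org/2000/09/xmldsig#"
SAML  = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS    = { "ds" => DS, "saml" => SAML, "samlp" => SAMLP }.freeze
# Stand-in for canonicalisation (real XML-DSig uses exclusive C14N): signer and
# verifier both re-serialise the parsed element with REXML's default formatter.
def canon(el); el.to_s; end
# Canonicalise a fragment exactly as it will look once parsed inside a Response.
def canon_fragment(xml)
  canon(REXML::Document.new(%(<w xmlns:ds="#{DS}" xmlns:saml="#{SAML}">#{xml}</w>)).root.elements[1])
end

def sha256_b64(data); [OpenSSL::Digest::SHA256.digest(data)].pack("m0"); end
def rsa_sign_b64(key, data); [key.sign(OpenSSL::Digest.new("SHA256"), data)].pack("m0"); end

def rsa_verify(pub, data, sig_b64)
  pub.verify(OpenSSL::Digest.new("SHA256"), sig_b64.unpack1("m0"), data)
rescue OpenSSL::PKey::PKeyError, ArgumentError
  false
end

def assertion_xml(id, name_id)
  %(<saml:Assertion ID="#{id}"><saml:Subject><saml:NameID>#{name_id}</saml:NameID></saml:Subject></saml:Assertion>)
end
def signed_info_xml(ref_id, digest_b64)
  %(<ds:SignedInfo><ds:Reference URI="##{ref_id}"><ds:DigestValue>#{digest_b64}</ds:DigestValue></ds:Reference></ds:SignedInfo>)
end
def response_xml(*children)
  %(<samlp:Response xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML}" xmlns:ds="#{DS}">#{children.join}</samlp:Response>)
end

# "IdP": one Reference covering the Assertion by ID; SignedInfo signed with RSA-SHA256.
def idp_response(key, name_id)
  assertion   = assertion_xml("_legit", name_id)
  signed_info = signed_info_xml("_legit", sha256_b64(canon_fragment(assertion)))
  sig_value   = rsa_sign_b64(key, canon_fragment(signed_info))
  response_xml("<ds:Signature>#{signed_info}<ds:SignatureValue>#{sig_value}</ds:SignatureValue></ds:Signature>", assertion)
end

# Attacker holding any IdP-signed Response: reuse its SignedInfo/SignatureValue pair,
# park the genuine SignedInfo where a document-wide search hits it first, and put an
# unsigned SignedInfo that references a forged Assertion inside the Signature.
def forge_response(legit_xml, name_id)
  doc       = REXML::Document.new(legit_xml)
  legit_si  = canon(REXML::XPath.first(doc, "//ds:Signature/ds:SignedInfo", NS))
  legit_sv  = REXML::XPath.first(doc, "//ds:Signature/ds:SignatureValue", NS).text
  forged    = assertion_xml("_forged", name_id)
  forged_si = signed_info_xml("_forged", sha256_b64(canon_fragment(forged)))
  response_xml("<samlp:Extensions>#{legit_si}</samlp:Extensions>",
               "<ds:Signature>#{forged_si}<ds:SignatureValue>#{legit_sv}</ds:SignatureValue></ds:Signature>", forged)
end

def digest_ok?(ref, target)
  dv = REXML::XPath.first(ref, "./ds:DigestValue", NS)
  !!(target && dv && OpenSSL.secure_compare(dv.text.to_s, sha256_b64(canon(target))))
end

# VULNERABLE: the RSA check covers whichever SignedInfo comes first in the
# document, while the digest check walks the Signature's own child SignedInfo.
def vulnerable_subject(xml, pub)
  doc = REXML::Document.new(xml)
  sig = REXML::XPath.first(doc, "//ds:Signature", NS)
  # BUG: a path beginning with // is absolute, so REXML evaluates it from the
  # document root even though `sig` is passed as the context node.
  signed_info = REXML::XPath.first(sig, "//ds:SignedInfo", NS)
  sig_value   = REXML::XPath.first(sig, "./ds:SignatureValue", NS).text.to_s
  return nil unless rsa_verify(pub, canon(signed_info), sig_value)
  ref    = REXML::XPath.first(sig, "./ds:SignedInfo/ds:Reference", NS)
  target = REXML::XPath.first(doc, "//*[@ID='#{ref.attributes['URI'].to_s.delete_prefix('#')}']")
  return nil unless digest_ok?(ref, target)
  REXML::XPath.first(target, ".//saml:NameID", NS).text
end

# HARDENED: exactly one Signature and one Assertion, relative XPaths only, and
# the single signed Reference must be the Assertion whose NameID is returned.
def hardened_subject(xml, pub)
  doc        = REXML::Document.new(xml)
  sigs       = REXML::XPath.match(doc, "//ds:Signature", NS)
  assertions = REXML::XPath.match(doc, "//saml:Assertion", NS)
  return nil unless sigs.size == 1 && assertions.size == 1
  sig, assertion = sigs.first, assertions.first
  signed_info = REXML::XPath.first(sig, "./ds:SignedInfo", NS)
  sig_value   = REXML::XPath.first(sig, "./ds:SignatureValue", NS)
  return nil unless signed_info && sig_value && rsa_verify(pub, canon(signed_info), sig_value.text.to_s)
  refs = REXML::XPath.match(signed_info, "./ds:Reference", NS)
  return nil unless refs.size == 1 && refs.first.attributes["URI"] == "##{assertion.attributes['ID']}"
  return nil unless digest_ok?(refs.first, assertion)
  REXML::XPath.first(assertion, ".//saml:NameID", NS).text
end

idp_key = OpenSSL::PKey::RSA.new(2048)
forged  = forge_response(idp_response(idp_key, "alice"), "admin")
puts "vulnerable: #{vulnerable_subject(forged, idp_key.public_key).inspect}   hardened: #{hardened_subject(forged, idp_key.public_key).inspect}"
```

Running the file prints the subject each verifier accepts for the forged Response: the vulnerable verifier yields "admin", the hardened one yields nil. The checks that make the hardened verifier reject the forgery are the ones to look for when reviewing any SAML consumer: every lookup below a Signature is relative (./), the document is rejected unless it contains exactly one Signature and one Assertion, and the single signed Reference must point at the Assertion whose NameID is actually returned to the application.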

Mitigation

Install the update from the vendor's website; the fix shipped in GitLab 17.3.3 and the backport releases listed in the linked patch release.

Vulnerable software versions

GitLab Enterprise Edition: 16.0.0 - 17.3.2

GitLab Community Edition: 16.0.0 - 17.3.2

External links

http://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof-of-concept exploit code for this vulnerability is publicly available.
