GitLab update for omniauth-saml and ruby-saml



Published: 2024-09-18
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-45409
CWE-ID CWE-347
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		GitLab Enterprise Edition
Universal components / Libraries / Software for developers

Gitlab Community Edition
Universal components / Libraries / Software for developers

Vendor GitLab, Inc

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper verification of cryptographic signature

EUVDB-ID: #VU97454

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45409

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass SAML authentication.

The vulnerability exists due to the library does not properly verify the signature of the SAML Response. A remote non-authenticated attacker with access to any signed SAML document (by the IdP) can forge a SAML Response/Assertion with arbitrary contents, bypass authentication process and login under an arbitrary account within the application.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

GitLab Enterprise Edition: 16.0.0 - 17.3.2

Gitlab Community Edition: 16.0.0 - 17.3.2

CPE2.3 External links

http://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###