₪ Welcome to Inviteshop.us trackers shop ₪

Critical SAML Vulnerability in GitLab: Authentication Bypass Risk and Urgent Patch Release

Pirrico (Registered User, 70 posts, joined Sep 17, 2024)
GitLab has recently addressed a critical security vulnerability affecting both its Community Edition (CE) and Enterprise Edition (EE). This flaw, stemming from the ruby-saml library (CVE-2024-45409), poses a significant risk of authentication bypass, potentially allowing attackers to log in as any user within the affected system. The severity of this vulnerability is underscored by its perfect CVSS score of 10.0.

The root cause of this security issue lies in the improper verification of SAML Response signatures by the ruby-saml library. SAML, or Security Assertion Markup Language, is a crucial protocol for enabling single sign-on (SSO) and exchanging authentication data across multiple applications. This vulnerability could allow an unauthenticated attacker with access to any IdP-signed SAML document to forge a SAML Response or Assertion with arbitrary contents, effectively bypassing authentication measures.

In response to this threat, GitLab has released patches for various versions of its software, including 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10. These updates incorporate the latest versions of omniauth-saml (2.2.1) and ruby-saml (1.17.0) to address the vulnerability. Additionally, GitLab strongly recommends that users of self-managed installations enable two-factor authentication (2FA) for all accounts and disable the SAML two-factor bypass option as mitigating measures.

While GitLab has not reported any instances of this vulnerability being exploited in the wild, they have provided indicators of potential exploitation attempts. These include SAML-related log events and possible ValidationErrors from the RubySaml library. The urgency of addressing this vulnerability is further emphasized by its inclusion in the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog, with a recommended remediation deadline of October 9, 2024, for Federal Civilian Executive Branch agencies.
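The failure mode the post describes, a service provider that trusts an Assertion the IdP's signature does not actually cover, as an added example that is not code from the original post, from ruby-saml or from GitLab. It shows the structural binding checks a SAML consumer should apply before handing the signed element to an XML-DSig library: exactly one Signature, a same-document Reference that resolves to exactly one element, that element enveloping the Signature, and that element being the Assertion actually consumed. Digest and signature-value verification are assumed to follow in the XML-DSig layer and are not implemented here. The two SAML messages, their IDs, the NameID values and the placeholder SignatureValue are constructed; the checks are generic and are not a reproduction of the ruby-saml patch.

```ruby
require 'rexml/document'

DS    = 'http://www.w3.org/2000/09/xmldsig#'
SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion'
SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'
NS    = { 'ds' => DS, 'saml' => SAML, 'samlp' => SAMLP }.freeze

class SamlValidationError < StandardError; end

# Naive consumer: trusts whichever Assertion appears first in the document,
# which is exactly what a signature-wrapping payload exploits.
def naive_subject(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.first(doc, '//saml:Assertion/saml:Subject/saml:NameID', NS).text
end

# Careful consumer: returns the NameID of the one Assertion the document's single
# Signature covers, or raises. Digest and signature-value verification of that
# Signature is assumed to follow in an XML-DSig library; it is not done here.
def signed_subject(xml)
  doc  = REXML::Document.new(xml)
  root = doc.root
  unless root && root.name == 'Response' && root.namespace == SAMLP
    raise SamlValidationError, 'document root is not a samlp:Response'
  end
  sigs = REXML::XPath.match(doc, '//ds:Signature', NS)
  raise SamlValidationError, "expected 1 Signature, found #{sigs.size}" unless sigs.size == 1
  sig  = sigs[0]
  refs = REXML::XPath.match(sig, './ds:SignedInfo/ds:Reference', NS)
  raise SamlValidationError, "expected 1 Reference, found #{refs.size}" unless refs.size == 1

  # The Reference must be a same-document fragment with an NCName-shaped ID; the
  # format check also keeps attacker-controlled text out of the XPath built below.
  uri = refs[0].attributes['URI'].to_s
  m = uri.match(/\A#([A-Za-z_][\w.\-]*)\z/)
  raise SamlValidationError, "unsupported Reference URI #{uri.inspect}" unless m
  id = m[1]

  # The ID must resolve to exactly one element: a duplicate lets an unsigned copy
  # shadow the signed one, depending on which the consumer happens to look up.
  targets = REXML::XPath.match(doc, "//*[@ID='#{id}']")
  raise SamlValidationError, "ID #{id} matched #{targets.size} elements" unless targets.size == 1
  signed = targets[0]

  # Enveloped signature: the Signature must sit directly inside the element it references.
  raise SamlValidationError, 'Signature is not enveloped in its target' unless sig.parent.equal?(signed)

  # The signed element must be the Assertion we consume, or a Response that
  # directly carries exactly one Assertion.
  assertion =
    if signed.name == 'Assertion' && signed.namespace == SAML
      signed
    elsif signed.equal?(root)
      kids = REXML::XPath.match(root, './saml:Assertion', NS)
      raise SamlValidationError, "signed Response carries #{kids.size} Assertions" unless kids.size == 1
      kids[0]
    else
      raise SamlValidationError, "signed element <#{signed.expanded_name}> is not a Response or Assertion"
    end
  # Reject an Assertion tucked inside Extensions or any other wrapper element.
  raise SamlValidationError, 'Assertion is not a direct child of the Response' unless assertion.parent.equal?(root)

  REXML::XPath.first(assertion, './saml:Subject/saml:NameID', NS).text
end

# true when the strict consumer rejects the document.
def rejects?(xml)
  signed_subject(xml)
  false
rescue SamlValidationError
  true
end

# Constructed samples: an Assertion with an enveloped (placeholder) Signature, and
# an unsigned forged Assertion for "admin". IDs, names and the signature value are made up.
SIGNED_ASSERTION = <<~XML
  <saml:Assertion ID="_a1">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>placeholder</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
XML
FORGED_ASSERTION = '<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion>'

def response(body)
  %(<samlp:Response xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML}" ID="_r1">#{body}</samlp:Response>)
end

GENUINE = response(SIGNED_ASSERTION)
# Wrapped payload: forged Assertion first, genuine signed one hidden inside Extensions.
WRAPPED = response(FORGED_ASSERTION + "<samlp:Extensions>#{SIGNED_ASSERTION}</samlp:Extensions>")

puts "naive consumer sees:  #{naive_subject(WRAPPED)}"   # admin
puts "strict consumer sees: #{rejects?(WRAPPED) ? 'rejected' : signed_subject(WRAPPED)}"
```

The strict path never searches for "an Assertion" at all: it starts from the Signature, follows its Reference to a single element, and only then decides whether that element is something it is willing to consume. Any real deployment still has to verify the digest and signature value of the element this returns, and should do so with the library's own reference-resolution disabled in favour of the element already selected here.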
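A branch-aware check against the patched GitLab releases and the fixed gem versions the post lists, as an added example that is not GitLab tooling or code from the original post. The Gemfile.lock excerpt is constructed; the version numbers are the ones named above, and the status names are this example's own.

```ruby
require 'rubygems' # Gem::Version; loaded by default, stated here for clarity

# Patched GitLab releases named in the advisory, one per maintained branch.
PATCHED_GITLAB = %w[17.3.3 17.2.7 17.1.8 17.0.8 16.11.10]
                 .map { |v| Gem::Version.new(v) }.freeze
# Gem versions the patched releases ship.
FIXED_GEMS = {
  'ruby-saml'     => Gem::Version.new('1.17.0'),
  'omniauth-saml' => Gem::Version.new('2.2.1'),
}.freeze

# Classifies a running GitLab version against the patched release on its own
# major.minor branch. Branches the advisory does not name get
# :branch_not_in_advisory: older ones have no listed fix and must move to a
# patched branch; newer ones must be checked against their own release notes.
def gitlab_status(version)
  v = Gem::Version.new(version)
  fixed = PATCHED_GITLAB.find { |p| p.segments[0, 2] == v.segments[0, 2] }
  return :branch_not_in_advisory unless fixed
  v >= fixed ? :patched : :vulnerable
end

# Scans Gemfile.lock text for the resolved versions of the two gems (the
# four-space 'name (x.y.z)' spec lines, not the deeper dependency lines) and
# returns [name, version] pairs still below the fixed version.
def vulnerable_gems(lock_text)
  lock_text.scan(/^ {4}(ruby-saml|omniauth-saml) \(([^)]+)\)$/).filter_map do |name, ver|
    [name, ver] if Gem::Version.new(ver) < FIXED_GEMS[name]
  end
end

# Constructed Gemfile.lock excerpt with both gems pinned below the fix.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.1.0)
        omniauth (~> 2.1)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

puts "gitlab 17.3.2 -> #{gitlab_status('17.3.2')}"
puts "gems below fix -> #{vulnerable_gems(SAMPLE_LOCK).inspect}"
```

The branch lookup matters more than it looks: an instance on 16.10.x is newer than 16.11.10 by neither measure that counts here, so comparing raw versions against the lowest patched release would wrongly report it as fixed.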