Home Security GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

by


Sep 19, 2024Ravie LakshmananEnterprise Security / DevOps

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.

The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.

The problem as a result of the library not properly verifying the signature of the SAML Response. SAML, short for Security Assertion Markup Language, is a protocol that enables single sign-on (SSO) and exchange of authentication and authorization data across multiple apps and websites.

“An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents, according to a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”

It’s worth noting the flaw also impacts omniauth-saml, which shipped an update of its own (version 2.2.1) to upgrade ruby-saml to version 1.17.

The latest patch from GitLab is designed to update the dependencies omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0. This includes versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.

As mitigations, GitLab is urging users of self-managed installations to enable two-factor authentication (2FA) for all accounts and disallow the SAML two-factor bypass option.

Cybersecurity

GitLab makes no mention of the flaw being exploited in the wild, but it has provided indicators of attempted or successful exploitation, suggesting that threat actors may be actively trying to capitalize on the shortcomings to gain access to susceptible GitLab instances.

“Successful exploitation attempts will trigger SAML related log events,” it said. “A successful exploitation attempt will log whatever extern_id value is set by the attacker attempting exploitation.”

“Unsuccessful exploitation attempts may generate a ValidationError from the RubySaml library. This could be for a variety of reasons related to the complexity of crafting a working exploit.”

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a recently disclosed critical bug impacting Apache HugeGraph-Server (CVE-2024-27348, CVSS score: 9.8), based on evidence of active exploitation.

Federal Civilian Executive Branch (FCEB) agencies have been recommended to remediate the identified vulnerabilities by October 9, 2024, to protect their networks against active threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex