CVE-2024-45409: GitLab’s 10.0 Severity Security Fix
GitLab has released updates to address a critical vulnerability in its Community Edition (CE) and Enterprise Edition (EE) versions, which could result in authentication bypass. The issue is tied to the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), allowing an attacker to log in as an arbitrary user.
The root cause of the vulnerability lies in the improper validation of SAML response signatures. SAML (Security Assertion Markup Language) is a protocol enabling Single Sign-On (SSO) and the exchange of authentication and authorization data between applications and websites.
Experts highlighted that an attacker with access to signed SAML documents could forge a SAML response with entirely arbitrary content, thereby gaining unauthorized access under any user.
The vulnerability also affects the omniauth-saml library, which received an update to version 2.2.1 that in turn upgrades its ruby-saml dependency to version 1.17.0. The fix is included in GitLab versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.
As a precaution, GitLab advises users to enable two-factor authentication (2FA) for all accounts and to disable the option to bypass 2FA via SAML.
Though there have been no reported cases of the vulnerability’s exploitation, the company has provided indicators of potential attacks, suggesting that malicious actors may attempt to exploit the flaw to gain access to vulnerable GitLab systems.
Successful exploitation attempts will appear in the logs that record SAML sign-in events, while failed attempts may surface as validation errors raised by the RubySaml library.
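The two indicators named above, a SAML sign-in event and a RubySaml validation error, lend themselves to a simple log triage. The following Ruby script is an added example, not GitLab's or ruby-saml's own tooling. It runs over constructed JSON-per-line log lines embedded in the script: the exception class name OneLogin::RubySaml::ValidationError is ruby-saml's, while the message wording, the field names (`time`, `message`, `username`, `ip`) and the timestamps are assumptions. It counts both event kinds and reports source addresses whose validation errors were followed, within a short window, by a successful SAML sign-in from the same address.

```ruby
require 'json'
require 'time'

# Constructed sample log lines (not real GitLab output). Each line is one JSON
# object in the style of an application log that records SAML sign-ins and the
# validation errors ruby-saml raises when a response fails its checks. The
# exception class name is ruby-saml's OneLogin::RubySaml::ValidationError; the
# message wording, field names and timestamps are assumptions.
SAMPLE_LOG = <<~'LOG'
  {"time":"2024-09-17T10:00:01Z","severity":"ERROR","message":"OneLogin::RubySaml::ValidationError: Invalid Signature on SAML Response","ip":"198.51.100.7"}
  {"time":"2024-09-17T10:00:03Z","severity":"ERROR","message":"OneLogin::RubySaml::ValidationError: Invalid Signature on SAML Response","ip":"198.51.100.7"}
  {"time":"2024-09-17T10:00:09Z","severity":"INFO","message":"Logged in with SAML","username":"admin","ip":"198.51.100.7"}
  {"time":"2024-09-17T10:05:00Z","severity":"INFO","message":"Logged in with SAML","username":"alice","ip":"203.0.113.5"}
  {"time":"2024-09-17T10:06:00Z","severity":"ERROR","message":"OneLogin::RubySaml::ValidationError: Current time is on or after NotOnOrAfter condition","ip":"203.0.113.9"}
  {"time":"2024-09-17T10:30:00Z","severity":"INFO","message":"Logged in with SAML","username":"bob","ip":"203.0.113.9"}
  not json at all
LOG

VALIDATION_ERROR = /RubySaml::ValidationError/
SAML_LOGIN       = /Logged in with SAML/i

# Parse JSON-per-line text into event hashes, skipping blank or unparsable lines.
def parse_events(log_text)
  log_text.each_line.filter_map do |line|
    line = line.strip
    next if line.empty?
    begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil
    end
  end
end

# Classify one event by its message text.
def classify(event)
  msg = event['message'].to_s
  return :validation_error if msg.match?(VALIDATION_ERROR)
  return :saml_login if msg.match?(SAML_LOGIN)
  :other
end

# Raw counts of the two SAML-related event kinds; a sudden rise in validation
# errors is worth a look on its own.
def saml_counts(log_text)
  counts = { validation_errors: 0, saml_logins: 0 }
  parse_events(log_text).each do |ev|
    case classify(ev)
    when :validation_error then counts[:validation_errors] += 1
    when :saml_login       then counts[:saml_logins] += 1
    end
  end
  counts
end

# Correlation: a SAML login from a source IP that produced one or more RubySaml
# validation errors within `window` seconds beforehand. A rejected response
# leaves errors and an accepted one leaves a login, so errors followed closely
# by a login from the same source merit review.
def suspicious_sources(log_text, window: 300)
  errors_by_ip = Hash.new { |h, k| h[k] = [] }
  findings = []
  parse_events(log_text).each do |ev|
    ip = ev['ip'] || 'unknown'
    begin
      t = Time.iso8601(ev['time'].to_s)
    rescue ArgumentError
      next
    end
    case classify(ev)
    when :validation_error
      errors_by_ip[ip] << t
    when :saml_login
      recent = errors_by_ip[ip].count { |e| (t - e).between?(0, window) }
      next if recent.zero?
      findings << { ip: ip, user: ev['username'], failures_before_login: recent, login_at: ev['time'] }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts saml_counts(SAMPLE_LOG).inspect
  suspicious_sources(SAMPLE_LOG).each { |f| puts "REVIEW: #{f.inspect}" }
end
```

On the constructed input the script flags only 198.51.100.7, where two signature failures precede a login as `admin` within seconds; the later login from 203.0.113.9 falls outside the default five-minute window and is reported only when the window is widened. Against a real deployment the regular expressions and field names would be adjusted to the actual log format, and any flagged login should be checked against the identity provider's own sign-in records for the same user and time.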