Critical SAML Authentication Bypass vulnerability in GitLab CE and EE Editions

Date of Publication: 19 Sept 2024

Severity: Critical

Affected System

  • GitLab Community Edition (CE)
  • GitLab Enterprise Edition (EE)

Summary

A critical authentication bypass vulnerability has been reported in GitLab Community Edition (CE) and Enterprise Edition (EE) that may allow an attacker to log in to the affected system.

Description

This vulnerability is reported in the ruby-saml library and could allow an attacker to log in as an arbitrary user on the affected system. The problem is a result of the library not properly verifying the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can forge a SAML Response/Assertion with arbitrary contents and take control of the compromised system.

Recommendation

Apply the fix by upgrading to a patched release, as described in:

https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/

  • The patched releases update the dependencies omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0. The fix is included in GitLab versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.
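As an added example (not GitLab's or ruby-saml's own code), the following Ruby check reports whether a GitLab version string, or a Rails application's Gemfile.lock, is still below the patched versions named in this advisory; the lockfile text is constructed for the demonstration.

```ruby
# Added example: exposure check for CVE-2024-45409 based on the versions
# listed in the advisory. Not part of GitLab or ruby-saml.
require 'rubygems' # Gem::Version handles the comparisons

# First patched GitLab release on each branch named in the advisory.
PATCHED_GITLAB = {
  '17.3' => '17.3.3', '17.2' => '17.2.7', '17.1' => '17.1.8',
  '17.0' => '17.0.8', '16.11' => '16.11.10'
}.freeze

# Dependency versions the patched releases ship with.
FIXED_GEMS = { 'ruby-saml' => '1.17.0', 'omniauth-saml' => '2.2.1' }.freeze

# Returns :patched, :vulnerable or :unknown_branch for a GitLab version.
# Branches older than every patched branch are reported as :vulnerable;
# branches newer than those in the advisory are :unknown_branch.
def gitlab_status(version)
  v = Gem::Version.new(version.sub(/-.*\z/, '')) # drop an edition suffix such as -ee
  branch = v.segments[0, 2].join('.')
  fixed = PATCHED_GITLAB[branch]
  if fixed.nil?
    return v < Gem::Version.new('16.11.0') ? :vulnerable : :unknown_branch
  end
  v >= Gem::Version.new(fixed) ? :patched : :vulnerable
end

# Scans the "specs:" block of a Gemfile.lock (top-level spec lines are
# indented by four spaces) and returns the gems from FIXED_GEMS pinned below
# their fixed version, e.g. { "ruby-saml" => "1.16.0" }.
def vulnerable_gems(lockfile_text)
  found = {}
  lockfile_text.each_line do |line|
    m = line.match(/^ {4}(\S+) \((\d[\w.]*)\)\s*$/)
    next unless m && FIXED_GEMS.key?(m[1])
    name, ver = m[1], m[2]
    found[name] = ver if Gem::Version.new(ver) < Gem::Version.new(FIXED_GEMS[name])
  end
  found
end

# Constructed Gemfile.lock fragment with both gems below the fixed versions.
LOCKFILE_SAMPLE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.7)
      omniauth-saml (2.1.0)
        omniauth (~> 2.1)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
LOCK

puts "GitLab 17.3.2: #{gitlab_status('17.3.2')}"
puts "Vulnerable gems: #{vulnerable_gems(LOCKFILE_SAMPLE)}"
```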

CVE Name:

CVE-2024-45409

NOTE: The information is provided on an “as is” basis, without assurance of any kind.

Revision history

  1. 19-Sept-24: first advisory released; fix patch released
