Ruby-SAML / GitLab Authentication Bypass

This script exploits the issue described in CVE-2024-45409, which allows an unauthenticated attacker who holds any signed SAML document issued by the IdP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below or equal to 12.2, and versions 1.13.0 through 1.16.0, do not properly verify the signature of the SAML Response.

Packet Storm
#git #perl #auth #ruby

© 2024 Packet Storm. All rights reserved.
