Security
Headlines
HeadlinesLatestCVEs

Headline

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The

The Hacker News
#vulnerability#web#apache#git#perl#auth#ruby#The Hacker News

Enterprise Security / DevOps

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.

The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.

The problem as a result of the library not properly verifying the signature of the SAML Response. SAML, short for Security Assertion Markup Language, is a protocol that enables single sign-on (SSO) and exchange of authentication and authorization data across multiple apps and websites.

"An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents, according to a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”

It’s worth noting the flaw also impacts omniauth-saml, which shipped an update of its own (version 2.2.1) to upgrade ruby-saml to version 1.17.

The latest patch from GitLab is designed to update the dependencies omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0. This includes versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.

As mitigations, GitLab is urging users of self-managed installations to enable two-factor authentication (2FA) for all accounts and disallow the SAML two-factor bypass option.

GitLab makes no mention of the flaw being exploited in the wild, but it has provided indicators of attempted or successful exploitation, suggesting that threat actors may be actively trying to capitalize on the shortcomings to gain access to susceptible GitLab instances.

“Successful exploitation attempts will trigger SAML related log events,” it said. “A successful exploitation attempt will log whatever extern_id value is set by the attacker attempting exploitation.”

“Unsuccessful exploitation attempts may generate a ValidationError from the RubySaml library. This could be for a variety of reasons related to the complexity of crafting a working exploit.”

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a recently disclosed critical bug impacting Apache HugeGraph-Server (CVE-2024-27348, CVSS score: 9.8), based on evidence of active exploitation.

Federal Civilian Executive Branch (FCEB) agencies have been recommended to remediate the identified vulnerabilities by October 9, 2024, to protect their networks against active threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Russian Script Kiddie Assembles Massive DDoS Botnet

Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.

‘Matrix’ Hackers Deploy Massive New IoT Botnet for DDoS Attacks

Aqua Nautilus researchers have discovered a campaign powering a series of large-scale DDoS attacks launched by Matrix, which…

Hackers Hide Remcos RAT in GitHub Repository Comments

The tack highlights bad actors' interest in trusted development and collaboration platforms — and their users.

Debian Security Advisory 5774-1

Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.

GitLab Warns of Max Severity Authentication Bypass Bug

Company urges organizations using self-hosting GitLab instances to apply updates for CVE-2024-45409 as soon as possible.

GHSA-jw9c-mfg7-9rx2: SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability was reported by ahacker1 of SecureSAML ([email protected])

Apache HugeGraph Gremlin Remote Code Execution

This Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server.

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

GHSA-29rc-vq7f-x335: Apache HugeGraph-Server: Command execution in gremlin

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

The Hacker News: Latest News

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case