GitLab Addressed Authentication Bypass Vulnerability in Community Edition (CE) and Enterprise Edition (EE) (CVE-2024-45409)

GitLab released an update to address a vulnerability in the Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2024-45409, the vulnerability has a critical severity rating with a CVSS score of 10.

The vulnerability originates in the Ruby SAML library used by multiple GitLab CE/EE versions: omniauth-saml versions before 2.2.0 and ruby-saml versions before 1.17.0 do not properly verify the signature of the SAML Response. To exploit the flaw, an attacker needs access to any SAML document signed by the IdP. With that, an unauthenticated attacker can forge a SAML Response/Assertion with arbitrary content, bypass authentication, and log in as an arbitrary user of the vulnerable system.

GitLab is a web-based DevOps lifecycle solution built by GitLab Inc., providing unrivaled insight and productivity across the DevOps lifecycle in a single application.

Affected versions

The vulnerability affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.

Mitigation

To patch the vulnerability, customers must upgrade to the GitLab Community Edition (CE) and Enterprise Edition (EE) versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.
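The following Ruby script is an added example, not code from Qualys or GitLab. It turns the version boundaries named above (the GitLab fixed releases and the omniauth-saml / ruby-saml floors) into an exposure check: one function compares a GitLab CE/EE version against the patched release of its branch, the other parses a Gemfile.lock for a self-managed Ruby app that pins a vulnerable SAML gem. The Gemfile.lock fragment is constructed for demonstration.

```ruby
# Added example (not from the Qualys post or GitLab): flags a GitLab version or a
# Gemfile.lock as exposed to CVE-2024-45409 using only the versions the advisory names.
require "rubygems"   # Gem::Version compares numerically (17.10 > 17.3, unlike strings)

# Fixed releases per GitLab minor branch, as listed in the advisory.
GITLAB_FIXED = {
  "17.3" => "17.3.3", "17.2" => "17.2.7", "17.1" => "17.1.8",
  "17.0" => "17.0.8", "16.11" => "16.11.10",
}.transform_values { |v| Gem::Version.new(v) }

# Library floors named in the advisory: anything below is vulnerable.
GEM_FIXED = {
  "omniauth-saml" => Gem::Version.new("2.2.0"),
  "ruby-saml"     => Gem::Version.new("1.17.0"),
}

# True when this GitLab CE/EE version is below the patched release for its branch.
def gitlab_vulnerable?(version)
  v = Gem::Version.new(version)
  branch = v.segments[0, 2].join(".")
  if GITLAB_FIXED.key?(branch)
    v < GITLAB_FIXED[branch]        # below the branch's patch release
  else
    v < GITLAB_FIXED["16.11"]       # older branches are below 16.11.10 and exposed;
  end                               # newer branches are past every listed fix
end

# Parses the pinned "name (x.y.z)" entries of a Gemfile.lock and returns the names
# of SAML gems below the fixed versions. Dependency lines like "(~> 1.12)" are skipped.
def vulnerable_gems(lockfile_text)
  lockfile_text.scan(/^\s+([\w-]+) \(([\d.]+)\)/).filter_map do |name, ver|
    floor = GEM_FIXED[name]
    name if floor && Gem::Version.new(ver) < floor
  end
end

# Constructed Gemfile.lock fragment for demonstration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      omniauth-saml (2.1.0)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "GitLab 17.3.2 vulnerable: #{gitlab_vulnerable?('17.3.2')}"
  puts "Vulnerable gems in lockfile: #{vulnerable_gems(SAMPLE_LOCK).inspect}"
end
```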

For more information, please visit the GitLab release announcement page.

Qualys Detection

Qualys customers can scan their devices with QID 380514 to detect vulnerable assets. Additionally, customers can scan their devices with QID 380491 to detect vulnerable Ruby SAML instances.

Please follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References

https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/#saml-authentication-bypass
