Vulnerability-Lookup

CVE-2024-45409 (GCVE-0-2024-45409)

Vulnerability from cvelistv5 – Published: 2024-09-10 18:50 – Updated: 2024-11-11 17:02

Title

The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

Summary

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/SAML-Toolkits/ruby-saml/securi…	x_refsource_CONFIRM
https://github.com/omniauth/omniauth-saml/securit…	x_refsource_MISC
https://github.com/SAML-Toolkits/ruby-saml/commit…	x_refsource_MISC
https://github.com/SAML-Toolkits/ruby-saml/commit…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
SAML-Toolkits	ruby-saml	Affected: < 1.12.3 Affected: >= 1.13.0, < 1.17.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruby-saml",
            "vendor": "onelogin",
            "versions": [
              {
                "lessThan": "1.12.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "1.17.0",
                "status": "affected",
                "version": "1.13.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "omniauth-saml",
            "vendor": "omniauth",
            "versions": [
              {
                "lessThanOrEqual": "2.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45409",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T03:55:11.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-11T17:02:31.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/"
          },
          {
            "url": "https://news.ycombinator.com/item?id=41586031"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240926-0008/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ruby-saml",
          "vendor": "SAML-Toolkits",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.12.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.17.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T21:03:29.185Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2"
        },
        {
          "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae"
        },
        {
          "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7"
        }
      ],
      "source": {
        "advisory": "GHSA-jw9c-mfg7-9rx2",
        "discovery": "UNKNOWN"
      },
      "title": "The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45409",
    "datePublished": "2024-09-10T18:50:12.965Z",
    "dateReserved": "2024-08-28T20:21:32.804Z",
    "dateUpdated": "2024-11-11T17:02:31.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-45409",
      "date": "2026-05-29",
      "epss": "0.44644",
      "percentile": "0.9763"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.12.3\", \"matchCriteriaId\": \"DF41BEEE-FC5B-4728-B9BE-0B58C04F547E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.13.0\", \"versionEndExcluding\": \"1.17.0\", \"matchCriteriaId\": \"ADBA67BE-BC31-48C0-A36F-9431814178C0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*\", \"versionEndIncluding\": \"1.10.3\", \"matchCriteriaId\": \"6D978907-97A8-4EF4-BF81-FE8702C24745\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*\", \"matchCriteriaId\": \"527AEDE3-F8EB-4C38-AF51-3B679AC4E336\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*\", \"matchCriteriaId\": \"3F307538-4D4D-4DD1-A9A0-F4D06E20163E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.11.10\", \"matchCriteriaId\": \"7000556E-4EBB-4B99-84B1-A2EEA709311C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.0.0\", \"versionEndExcluding\": \"17.0.8\", \"matchCriteriaId\": \"3B47FDB0-B642-4E50-B0B6-1D71545FE917\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.1.0\", \"versionEndExcluding\": \"17.1.8\", \"matchCriteriaId\": \"86B327A7-22C7-488F-ABA6-3AC90EF07D04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.2.0\", \"versionEndExcluding\": \"17.2.7\", \"matchCriteriaId\": \"E831CA83-DDA9-4F47-BCF8-2CBB7E74C9DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"17.3.0\", \"versionEndExcluding\": \"17.3.3\", \"matchCriteriaId\": \"60003658-012F-4DB8-9D8F-8E48C14CA0C4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.\"}, {\"lang\": \"es\", \"value\": \"La librer\\u00eda Ruby SAML sirve para implementar el lado del cliente de una autorizaci\\u00f3n SAML. Ruby-SAML en \u0026lt;= 12.2 y 1.13.0 \u0026lt;= 1.16.0 no verifica correctamente la firma de la respuesta SAML. Un atacante no autenticado con acceso a cualquier documento SAML firmado (por el IdP) puede falsificar una respuesta/afirmaci\\u00f3n SAML con contenido arbitrario. Esto le permitir\\u00eda al atacante iniciar sesi\\u00f3n como un usuario arbitrario dentro del sistema vulnerable. Esta vulnerabilidad se solucion\\u00f3 en 1.17.0 y 1.12.3.\"}]",
      "id": "CVE-2024-45409",
      "lastModified": "2024-11-21T09:37:44.377",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-09-10T19:15:22.030",
      "references": "[{\"url\": \"https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://news.ycombinator.com/item?id=41586031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240926-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-347\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45409\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-10T19:15:22.030\",\"lastModified\":\"2024-11-21T09:37:44.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.\"},{\"lang\":\"es\",\"value\":\"La librer\u00eda Ruby SAML sirve para implementar el lado del cliente de una autorizaci\u00f3n SAML. Ruby-SAML en \u0026lt;= 12.2 y 1.13.0 \u0026lt;= 1.16.0 no verifica correctamente la firma de la respuesta SAML. Un atacante no autenticado con acceso a cualquier documento SAML firmado (por el IdP) puede falsificar una respuesta/afirmaci\u00f3n SAML con contenido arbitrario. Esto le permitir\u00eda al atacante iniciar sesi\u00f3n como un usuario arbitrario dentro del sistema vulnerable. Esta vulnerabilidad se solucion\u00f3 en 1.17.0 y 1.12.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.12.3\",\"matchCriteriaId\":\"DF41BEEE-FC5B-4728-B9BE-0B58C04F547E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.17.0\",\"matchCriteriaId\":\"ADBA67BE-BC31-48C0-A36F-9431814178C0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*\",\"versionEndIncluding\":\"1.10.3\",\"matchCriteriaId\":\"6D978907-97A8-4EF4-BF81-FE8702C24745\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"527AEDE3-F8EB-4C38-AF51-3B679AC4E336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*\",\"matchCriteriaId\":\"3F307538-4D4D-4DD1-A9A0-F4D06E20163E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.11.10\",\"matchCriteriaId\":\"7000556E-4EBB-4B99-84B1-A2EEA709311C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.0.8\",\"matchCriteriaId\":\"3B47FDB0-B642-4E50-B0B6-1D71545FE917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.1.0\",\"versionEndExcluding\":\"17.1.8\",\"matchCriteriaId\":\"86B327A7-22C7-488F-ABA6-3AC90EF07D04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.2.0\",\"versionEndExcluding\":\"17.2.7\",\"matchCriteriaId\":\"E831CA83-DDA9-4F47-BCF8-2CBB7E74C9DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.3.0\",\"versionEndExcluding\":\"17.3.3\",\"matchCriteriaId\":\"60003658-012F-4DB8-9D8F-8E48C14CA0C4\"}]}]}],\"references\":[{\"url\":\"https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://news.ycombinator.com/item?id=41586031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240926-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/\"}, {\"url\": \"https://news.ycombinator.com/item?id=41586031\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240926-0008/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-11-11T17:02:31.329Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45409\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T19:10:27.023853Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*\"], \"vendor\": \"onelogin\", \"product\": \"ruby-saml\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.12.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.13.0\", \"lessThan\": \"1.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:*\"], \"vendor\": \"omniauth\", \"product\": \"omniauth-saml\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T19:18:10.806Z\"}}], \"cna\": {\"title\": \"The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector\", \"source\": {\"advisory\": \"GHSA-jw9c-mfg7-9rx2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"SAML-Toolkits\", \"product\": \"ruby-saml\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.12.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.13.0, \u003c 1.17.0\"}]}], \"references\": [{\"url\": \"https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2\", \"name\": \"https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq\", \"name\": \"https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae\", \"name\": \"https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7\", \"name\": \"https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-11T21:03:29.185Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45409\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-11T17:02:31.329Z\", \"dateReserved\": \"2024-08-28T20:21:32.804Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-10T18:50:12.965Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0791

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans GitLab. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.2.x antérieures à 17.2.7
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions antérieures à 16.11.10
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.x antérieures à 17.0.8
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.1.x antérieures à 17.1.8
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.3.x antérieures à 17.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité GitLab

2024-09-17

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.2.x ant\u00e9rieures \u00e0 17.2.7",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.11.10",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.x ant\u00e9rieures \u00e0 17.0.8",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.1.x ant\u00e9rieures \u00e0 17.1.8",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.3.x ant\u00e9rieures \u00e0 17.3.3",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45409"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0791",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans GitLab. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans GitLab",
  "vendor_advisories": [
    {
      "published_at": "2024-09-17",
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab",
      "url": "https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/"
    }
  ]
}

CERTFR-2024-AVI-0863

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Synology DSM. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Synology	DSM	DSM 6.2 avec Gitlab versions antérieures à 13.12.2-0074

References

Title

Publication Time

Tags

Bulletin de sécurité Synology Synology_SA_24_12

2024-10-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "DSM 6.2 avec Gitlab versions ant\u00e9rieures \u00e0 13.12.2-0074",
      "product": {
        "name": "DSM",
        "vendor": {
          "name": "Synology",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45409"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0863",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synology DSM. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synology DSM",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Synology Synology_SA_24_12",
      "url": "https://www.synology.com/fr-fr/security/advisory/Synology_SA_24_12"
    }
  ]
}

CERTFR-2024-AVI-0791

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans GitLab. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.2.x antérieures à 17.2.7
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions antérieures à 16.11.10
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.x antérieures à 17.0.8
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.1.x antérieures à 17.1.8
GitLab	GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)	GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.3.x antérieures à 17.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité GitLab

2024-09-17

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.2.x ant\u00e9rieures \u00e0 17.2.7",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.11.10",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.x ant\u00e9rieures \u00e0 17.0.8",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.1.x ant\u00e9rieures \u00e0 17.1.8",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    },
    {
      "description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.3.x ant\u00e9rieures \u00e0 17.3.3",
      "product": {
        "name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
        "vendor": {
          "name": "GitLab",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45409"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0791",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans GitLab. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans GitLab",
  "vendor_advisories": [
    {
      "published_at": "2024-09-17",
      "title": "Bulletin de s\u00e9curit\u00e9 GitLab",
      "url": "https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/"
    }
  ]
}

CERTFR-2024-AVI-0863

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Synology DSM. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Synology	DSM	DSM 6.2 avec Gitlab versions antérieures à 13.12.2-0074

References

Title

Publication Time

Tags

Bulletin de sécurité Synology Synology_SA_24_12

2024-10-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "DSM 6.2 avec Gitlab versions ant\u00e9rieures \u00e0 13.12.2-0074",
      "product": {
        "name": "DSM",
        "vendor": {
          "name": "Synology",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45409"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0863",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Synology DSM. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Synology DSM",
  "vendor_advisories": [
    {
      "published_at": "2024-10-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Synology Synology_SA_24_12",
      "url": "https://www.synology.com/fr-fr/security/advisory/Synology_SA_24_12"
    }
  ]
}

BDU:2024-07261

Vulnerability from fstec - Published: 10.09.2024

Title

Уязвимость реализации модуля единого входа в приложения SAML библиотеки Ruby SAML и программной платформы на базе git для совместной работы над кодом GitLab, позволяющая повысить свои привилегии

Description

Уязвимость реализации модуля единого входа в приложения SAML библиотеки Ruby SAML и программной платформы на базе git для совместной работы над кодом GitLab связана с ошибками проверки криптографической подписи. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии путём отправки специально сформированного SAML-ответа

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Vendor

Ruby Team, GitLab Inc.

Software Name

Ruby SAML, Omniauth SAML, Gitlab

Software Version

до 1.17.0 (Ruby SAML), до 1.12.3 (Ruby SAML), от 2.1.0 до 2.2.1 (Omniauth SAML), от 2.1.0 до 2.1.2 (Omniauth SAML), от 1.10.3 до 1.10.5 (Omniauth SAML), до 17.3.3 (Gitlab), до 17.2.7 (Gitlab), до 17.1.8 (Gitlab), до 17.0.8 (Gitlab), до 16.11.10 (Gitlab)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование двухфакторной аутентификации для всех учётных записей GitLab; - отключение опции обхода двухфакторной аутентификации SAML в GitLab; - использование SIEM-систем для отслеживания событий журнала, связанных с регистрацией SAML; - использование VPN для организации удалённого доступа к уязвимому программному обеспечению. Использование рекомендаций: https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7 https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/

Reference

https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7 https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/ http://www1.opennet.ru/opennews/art.shtml?num=61893 https://www.securitylab.ru/news/552207.php https://cloud.projectdiscovery.io/?template=CVE-2024-45409&ref=blog.projectdiscovery.io

CWE

CWE-347

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Ruby Team, GitLab Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.17.0 (Ruby SAML), \u0434\u043e 1.12.3 (Ruby SAML), \u043e\u0442 2.1.0 \u0434\u043e 2.2.1 (Omniauth SAML), \u043e\u0442 2.1.0 \u0434\u043e 2.1.2 (Omniauth SAML), \u043e\u0442 1.10.3 \u0434\u043e 1.10.5 (Omniauth SAML), \u0434\u043e 17.3.3 (Gitlab), \u0434\u043e 17.2.7 (Gitlab), \u0434\u043e 17.1.8 (Gitlab), \u0434\u043e 17.0.8 (Gitlab), \u0434\u043e 16.11.10 (Gitlab)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 GitLab;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043e\u043f\u0446\u0438\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0434\u0432\u0443\u0445\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML \u0432 GitLab;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0436\u0443\u0440\u043d\u0430\u043b\u0430, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0435\u0439 SAML;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 VPN \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044e.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae\t\nhttps://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7\t\nhttps://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2\nhttps://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq\nhttps://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.09.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07261",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-45409",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ruby SAML, Omniauth SAML, Gitlab",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u043e\u0434\u0443\u043b\u044f \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f SAML \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Ruby SAML \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u043d\u0430 \u0431\u0430\u0437\u0435 git \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430\u0434 \u043a\u043e\u0434\u043e\u043c GitLab, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (CWE-347)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u043e\u0434\u0443\u043b\u044f \u0435\u0434\u0438\u043d\u043e\u0433\u043e \u0432\u0445\u043e\u0434\u0430 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f SAML \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Ruby SAML \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u043d\u0430 \u0431\u0430\u0437\u0435 git \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430\u0434 \u043a\u043e\u0434\u043e\u043c GitLab \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043f\u0443\u0442\u0451\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e SAML-\u043e\u0442\u0432\u0435\u0442\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae\t\nhttps://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7\t\nhttps://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2\nhttps://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq\nhttps://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/\nhttp://www1.opennet.ru/opennews/art.shtml?num=61893\nhttps://www.securitylab.ru/news/552207.php\nhttps://cloud.projectdiscovery.io/?template=CVE-2024-45409\u0026ref=blog.projectdiscovery.io",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-347",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}

bit-gitlab-2024-45409

Vulnerability from bitnami_vulndb

Published

2024-09-21 07:19

Modified

2025-05-20 10:02

Summary

The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "gitlab",
        "purl": "pkg:bitnami/gitlab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "16.11.10"
            },
            {
              "introduced": "17.0.0"
            },
            {
              "fixed": "17.0.8"
            },
            {
              "introduced": "17.1.0"
            },
            {
              "fixed": "17.1.8"
            },
            {
              "introduced": "17.2.0"
            },
            {
              "fixed": "17.2.7"
            },
            {
              "introduced": "17.3.0"
            },
            {
              "fixed": "17.3.3"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45409"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.",
  "id": "BIT-gitlab-2024-45409",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-09-21T07:19:08.053Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=41586031"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240926-0008/"
    },
    {
      "type": "WEB",
      "url": "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45409"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector"
}

FKIE_CVE-2024-45409

Vulnerability from fkie_nvd - Published: 2024-09-10 19:15 - Updated: 2024-11-21 09:37

Severity

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae	Patch
security-advisories@github.com	https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7	Patch
security-advisories@github.com	https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2	Vendor Advisory
security-advisories@github.com	https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	https://news.ycombinator.com/item?id=41586031
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240926-0008/
af854a3a-2127-422b-91ae-364da2661108	https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/

Impacted products

Vendor	Product	Version
onelogin	ruby-saml	*
onelogin	ruby-saml	*
omniauth	omniauth_saml	*
omniauth	omniauth_saml	2.0.0
omniauth	omniauth_saml	2.1.0
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*
gitlab	gitlab	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF41BEEE-FC5B-4728-B9BE-0B58C04F547E",
              "versionEndExcluding": "1.12.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADBA67BE-BC31-48C0-A36F-9431814178C0",
              "versionEndExcluding": "1.17.0",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "6D978907-97A8-4EF4-BF81-FE8702C24745",
              "versionEndIncluding": "1.10.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "527AEDE3-F8EB-4C38-AF51-3B679AC4E336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "3F307538-4D4D-4DD1-A9A0-F4D06E20163E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7000556E-4EBB-4B99-84B1-A2EEA709311C",
              "versionEndExcluding": "16.11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B47FDB0-B642-4E50-B0B6-1D71545FE917",
              "versionEndExcluding": "17.0.8",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B327A7-22C7-488F-ABA6-3AC90EF07D04",
              "versionEndExcluding": "17.1.8",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E831CA83-DDA9-4F47-BCF8-2CBB7E74C9DC",
              "versionEndExcluding": "17.2.7",
              "versionStartIncluding": "17.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60003658-012F-4DB8-9D8F-8E48C14CA0C4",
              "versionEndExcluding": "17.3.3",
              "versionStartIncluding": "17.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3."
    },
    {
      "lang": "es",
      "value": "La librer\u00eda Ruby SAML sirve para implementar el lado del cliente de una autorizaci\u00f3n SAML. Ruby-SAML en \u0026lt;= 12.2 y 1.13.0 \u0026lt;= 1.16.0 no verifica correctamente la firma de la respuesta SAML. Un atacante no autenticado con acceso a cualquier documento SAML firmado (por el IdP) puede falsificar una respuesta/afirmaci\u00f3n SAML con contenido arbitrario. Esto le permitir\u00eda al atacante iniciar sesi\u00f3n como un usuario arbitrario dentro del sistema vulnerable. Esta vulnerabilidad se solucion\u00f3 en 1.17.0 y 1.12.3."
    }
  ],
  "id": "CVE-2024-45409",
  "lastModified": "2024-11-21T09:37:44.377",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-09-10T19:15:22.030",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://news.ycombinator.com/item?id=41586031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240926-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-JW9C-MFG7-9RX2

Vulnerability from github – Published: 2024-09-10 19:42 – Updated: 2024-09-20 22:11

Summary

SAML authentication bypass via Incorrect XPath selector

Details

Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.

This vulnerability was reported by ahacker1 of SecureSAML (ahacker1@securesaml.com)

Severity

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

9.9 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ruby-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ruby-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-10T19:42:03Z",
    "nvd_published_at": "2024-09-10T19:15:22Z",
    "severity": "CRITICAL"
  },
  "details": "Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.\n\nThis vulnerability was reported by ahacker1 of SecureSAML (ahacker1@securesaml.com)",
  "id": "GHSA-jw9c-mfg7-9rx2",
  "modified": "2024-09-20T22:11:38Z",
  "published": "2024-09-10T19:42:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45409"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SAML-Toolkits/ruby-saml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.yml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SAML authentication bypass via Incorrect XPath selector"
}

WID-SEC-W-2024-2162

Vulnerability from csaf_certbund - Published: 2024-09-17 22:00 - Updated: 2024-10-08 22:00

Summary

GitLab: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: GitLab ist eine Webanwendung zur Versionsverwaltung für Softwareprojekte auf Basis von git. Ruby ist eine interpretierte, objektorientierte Skriptsprache.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GitLab und Ruby ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2024-45409

Es besteht eine Schwachstelle in GitLab. Dieser Fehler betrifft die Ruby SAML-Bibliothek aufgrund einer unsachgemäßen Signaturprüfung der SAML-Antwort, wodurch eine SAML-Antwort oder -Assertion mit beliebigem Inhalt gefälscht werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Authentisierung zu umgehen.

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source GitLab <17.1.8 Open Source / GitLab		<17.1.8
Open Source GitLab <17.0.8 Open Source / GitLab		<17.0.8
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source GitLab <17.3.3 Open Source / GitLab		<17.3.3
Open Source Ruby SAML <1.17.0 Open Source / Ruby		SAML <1.17.0
NetApp StorageGRID NetApp	`cpe:/a:netapp:storagegrid:-`	—
Open Source GitLab <17.2.7 Open Source / GitLab		<17.2.7
Open Source Ruby SAML <1.12.3 Open Source / Ruby		SAML <1.12.3
Synology DiskStation Manager GtiLab for DSM 6.2 Synology / DiskStation Manager	`cpe:/a:synology:diskstation_manager:gtilab_for_dsm_6.2`	GtiLab for DSM 6.2
Open Source GitLab <16.11.10 Open Source / GitLab		<16.11.10
Hashicorp Terraform Enterprise <v202409-1 Hashicorp / Terraform		Enterprise <v202409-1

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://about.gitlab.com/releases/2024/09/17/patc…	external
https://security-tracker.debian.org/tracker/DSA-5774-1	external
https://discuss.hashicorp.com/t/hcsec-2024-19-ter…	external
https://security.netapp.com/advisory/ntap-2024092…	external
https://www.synology.com/en-global/support/securi…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "GitLab ist eine Webanwendung zur Versionsverwaltung f\u00fcr Softwareprojekte auf Basis von git.\r\nRuby ist eine interpretierte, objektorientierte Skriptsprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GitLab und Ruby ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2162 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2162.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2162 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2162"
      },
      {
        "category": "external",
        "summary": "GitLab Critical Patch Release vom 2024-09-17",
        "url": "https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5774 vom 2024-09-20",
        "url": "https://security-tracker.debian.org/tracker/DSA-5774-1"
      },
      {
        "category": "external",
        "summary": "Hashicorp Security Bulletin HCSEC-2024-19 vom 2024-09-24",
        "url": "https://discuss.hashicorp.com/t/hcsec-2024-19-terraform-enterprise-s-single-sign-on-and-ruby-saml-s-cve-2024-45409/70203"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20240926-0008 vom 2024-09-26",
        "url": "https://security.netapp.com/advisory/ntap-20240926-0008/"
      },
      {
        "category": "external",
        "summary": "Synology Security Advisory SYNOLOGY-SA-24:12 vom 2024-10-09",
        "url": "https://www.synology.com/en-global/support/security/Synology_SA_24_12"
      }
    ],
    "source_lang": "en-US",
    "title": "GitLab: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2024-10-08T22:00:00.000+00:00",
      "generator": {
        "date": "2024-10-09T08:12:05.630+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-2162",
      "initial_release_date": "2024-09-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-09-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-09-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-09-24T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Hashicorp aufgenommen"
        },
        {
          "date": "2024-09-26T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2024-10-08T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Synology aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Enterprise \u003cv202409-1",
                "product": {
                  "name": "Hashicorp Terraform Enterprise \u003cv202409-1",
                  "product_id": "T030906"
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise v202409-1",
                "product": {
                  "name": "Hashicorp Terraform Enterprise v202409-1",
                  "product_id": "T030906-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hashicorp:terraform:enterprise_v202311-1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Terraform"
          }
        ],
        "category": "vendor",
        "name": "Hashicorp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp StorageGRID",
            "product": {
              "name": "NetApp StorageGRID",
              "product_id": "920206",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:storagegrid:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c17.3.3",
                "product": {
                  "name": "Open Source GitLab \u003c17.3.3",
                  "product_id": "T037687"
                }
              },
              {
                "category": "product_version",
                "name": "17.3.3",
                "product": {
                  "name": "Open Source GitLab 17.3.3",
                  "product_id": "T037687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:17.3.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17.2.7",
                "product": {
                  "name": "Open Source GitLab \u003c17.2.7",
                  "product_id": "T037688"
                }
              },
              {
                "category": "product_version",
                "name": "17.2.7",
                "product": {
                  "name": "Open Source GitLab 17.2.7",
                  "product_id": "T037688-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:17.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17.1.8",
                "product": {
                  "name": "Open Source GitLab \u003c17.1.8",
                  "product_id": "T037690"
                }
              },
              {
                "category": "product_version",
                "name": "17.1.8",
                "product": {
                  "name": "Open Source GitLab 17.1.8",
                  "product_id": "T037690-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:17.1.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17.0.8",
                "product": {
                  "name": "Open Source GitLab \u003c17.0.8",
                  "product_id": "T037692"
                }
              },
              {
                "category": "product_version",
                "name": "17.0.8",
                "product": {
                  "name": "Open Source GitLab 17.0.8",
                  "product_id": "T037692-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:17.0.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.11.10",
                "product": {
                  "name": "Open Source GitLab \u003c16.11.10",
                  "product_id": "T037695"
                }
              },
              {
                "category": "product_version",
                "name": "16.11.10",
                "product": {
                  "name": "Open Source GitLab 16.11.10",
                  "product_id": "T037695-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:gitlab:gitlab:16.11.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GitLab"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "SAML \u003c1.17.0",
                "product": {
                  "name": "Open Source Ruby SAML \u003c1.17.0",
                  "product_id": "T037698"
                }
              },
              {
                "category": "product_version",
                "name": "SAML 1.17.0",
                "product": {
                  "name": "Open Source Ruby SAML 1.17.0",
                  "product_id": "T037698-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ruby-lang:ruby:saml__1.17.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "SAML \u003c1.12.3",
                "product": {
                  "name": "Open Source Ruby SAML \u003c1.12.3",
                  "product_id": "T037699"
                }
              },
              {
                "category": "product_version",
                "name": "SAML 1.12.3",
                "product": {
                  "name": "Open Source Ruby SAML 1.12.3",
                  "product_id": "T037699-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ruby-lang:ruby:saml__1.12.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ruby"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "GtiLab for DSM 6.2",
                "product": {
                  "name": "Synology DiskStation Manager GtiLab for DSM 6.2",
                  "product_id": "T038078",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:synology:diskstation_manager:gtilab_for_dsm_6.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DiskStation Manager"
          }
        ],
        "category": "vendor",
        "name": "Synology"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45409",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in GitLab. Dieser Fehler betrifft die Ruby SAML-Bibliothek aufgrund einer unsachgem\u00e4\u00dfen Signaturpr\u00fcfung der SAML-Antwort, wodurch eine SAML-Antwort oder -Assertion mit beliebigem Inhalt gef\u00e4lscht werden kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Authentisierung zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037690",
          "T037692",
          "2951",
          "T037687",
          "T037698",
          "920206",
          "T037688",
          "T037699",
          "T038078",
          "T037695",
          "T030906"
        ]
      },
      "release_date": "2024-09-17T22:00:00.000+00:00",
      "title": "CVE-2024-45409"
    }
  ]
}

WID-SEC-W-2024-3626

Vulnerability from csaf_certbund - Published: 2024-12-05 23:00 - Updated: 2024-12-05 23:00

Summary

Illumio Core: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Severity

Hoch

Notes

Produktbeschreibung: Illumio Core ist eine Plattform, die Echtzeit-Transparenz und Kontrolle über Netzwerkverkehr und Anwendungsinteraktionen in Rechenzentren und Cloud-Umgebungen bietet.

Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Illumio Core ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2024-45409

Es besteht eine Schwachstelle in Illumio Core. Dieser Fehler existiert wegen einer unsachgemäßen Überprüfung der SAML-Autorisierung. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um die Authentifizierung zu umgehen und sich als ein anderer SAML-Benutzer zu authentifizieren.

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Illumio Core <24.2.10 Illumio / Core		<24.2.10
Illumio Core <22.5.34 Illumio / Core		<22.5.34
Illumio Core <22.2.43 Illumio / Core		<22.2.43
Illumio Core <23.5.22 Illumio / Core		<23.5.22
Illumio Core <23.2.31 Illumio / Core		<23.2.31
Illumio Core <21.5.37 Illumio / Core		<21.5.37

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://docs.illumio.com/LandingPages/Categories/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Illumio Core ist eine Plattform, die Echtzeit-Transparenz und Kontrolle \u00fcber Netzwerkverkehr und Anwendungsinteraktionen in Rechenzentren und Cloud-Umgebungen bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Illumio Core ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3626 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3626.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3626 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3626"
      },
      {
        "category": "external",
        "summary": "Illumio Security Advisory vom 2024-12-05",
        "url": "https://docs.illumio.com/LandingPages/Categories/security-advisories.htm"
      }
    ],
    "source_lang": "en-US",
    "title": "Illumio Core: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2024-12-05T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-06T12:11:07.689+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3626",
      "initial_release_date": "2024-12-05T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-05T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c21.5.37",
                "product": {
                  "name": "Illumio Core \u003c21.5.37",
                  "product_id": "T039610"
                }
              },
              {
                "category": "product_version",
                "name": "21.5.37",
                "product": {
                  "name": "Illumio Core 21.5.37",
                  "product_id": "T039610-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:illumio:core:21.5.37"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c22.2.43",
                "product": {
                  "name": "Illumio Core \u003c22.2.43",
                  "product_id": "T039611"
                }
              },
              {
                "category": "product_version",
                "name": "22.2.43",
                "product": {
                  "name": "Illumio Core 22.2.43",
                  "product_id": "T039611-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:illumio:core:22.2.43"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c22.5.34",
                "product": {
                  "name": "Illumio Core \u003c22.5.34",
                  "product_id": "T039612"
                }
              },
              {
                "category": "product_version",
                "name": "22.5.34",
                "product": {
                  "name": "Illumio Core 22.5.34",
                  "product_id": "T039612-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:illumio:core:22.5.34"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c23.2.31",
                "product": {
                  "name": "Illumio Core \u003c23.2.31",
                  "product_id": "T039613"
                }
              },
              {
                "category": "product_version",
                "name": "23.2.31",
                "product": {
                  "name": "Illumio Core 23.2.31",
                  "product_id": "T039613-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:illumio:core:23.2.31"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c23.5.22",
                "product": {
                  "name": "Illumio Core \u003c23.5.22",
                  "product_id": "T039614"
                }
              },
              {
                "category": "product_version",
                "name": "23.5.22",
                "product": {
                  "name": "Illumio Core 23.5.22",
                  "product_id": "T039614-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:illumio:core:23.5.22"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c24.2.10",
                "product": {
                  "name": "Illumio Core \u003c24.2.10",
                  "product_id": "T039615"
                }
              },
              {
                "category": "product_version",
                "name": "24.2.10",
                "product": {
                  "name": "Illumio Core 24.2.10",
                  "product_id": "T039615-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:illumio:core:24.2.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Core"
          }
        ],
        "category": "vendor",
        "name": "Illumio"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45409",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Illumio Core. Dieser Fehler existiert wegen einer unsachgem\u00e4\u00dfen \u00dcberpr\u00fcfung der SAML-Autorisierung. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um die Authentifizierung zu umgehen und sich als ein anderer SAML-Benutzer zu authentifizieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039615",
          "T039612",
          "T039611",
          "T039614",
          "T039613",
          "T039610"
        ]
      },
      "release_date": "2024-12-05T23:00:00.000+00:00",
      "title": "CVE-2024-45409"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-45409 (GCVE-0-2024-45409)

Solutions

Solutions

Solutions

Solutions

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature