Security News > 2024 > September > GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
2024-09-19 05:07
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The
News URL
https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html
Related news
- GitLab patches critical authentication bypass vulnerabilities (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
- PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-45409 | The Ruby SAML library is for implementing the client side of a SAML authorization. | 9.8 |