Security News > 2024 > September > GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
2024-09-19 05:07

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The


News URL

https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-45409 The Ruby SAML library is for implementing the client side of a SAML authorization.
network
low complexity
onelogin omniauth gitlab
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 736 246 58 1087