Security News > 2024 > September > GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
2024-09-19 05:07
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The
News URL
https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html
Related news
- GitLab releases fix for critical SAML authentication bypass flaw (source)
- Critical SAP flaw allows remote attackers to bypass authentication (source)
- Ivanti warns of critical vTM auth bypass with public exploit (source)
- GitHub Enterprise Server vulnerable to critical auth bypass flaw (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-45409 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Ruby SAML library is for implementing the client side of a SAML authorization. | 9.8 |