Security News > 2024 > October > Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
2024-10-09 12:32
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain access as any user on GitLab. About CVE-2024-45409 GitLab is a popular software development platform that can be deployed by users on on-premises servers, Kubernetes, or with a cloud provider. CVE-2024-45409 is a critical authentication bypass … More → The post Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/09/exploit-cve-2024-45409/
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
- Critical security hole in Apache Struts under exploit (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-45409 | The Ruby SAML library is for implementing the client side of a SAML authorization. | 9.8 |