Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain access as any user on GitLab.

About CVE-2024-45409

GitLab is a popular software development platform that can be deployed by users on on-premises servers, Kubernetes, or with a cloud provider. CVE-2024-45409 is a critical authentication bypass …

The post Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/09/exploit-cve-2024-45409/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
- Critical Ivanti RCE flaw with public exploit now used in attacks
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
- GitLab warns of critical arbitrary branch pipeline execution flaw
- Akira and Fog ransomware now exploit critical Veeam RCE flaw
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-45409 | Improper Verification of Cryptographic Signature vulnerability in multiple products. The Ruby SAML library is for implementing the client side of a SAML authorization. | 9.8 |