Saturday, September 21, 2024

GitLab Addressed Critical SAML Auth Flaw With Latest Release


A severe SAML authentication vulnerability affected GitLab that could allow an adversary to bypass SAML authentication and gain unrestricted access. GitLab patched the flaw in its latest CE/EE releases.

GitLab SAML Auth Flaw Patched

According to its latest advisory, GitLab addressed a critical SAML authentication bypass flaw affecting self-managed installations.

GitLab supports the Security Assertion Markup Language (SAML) single sign-on (SSO) protocol for authenticating users to GitLab instances. Because of the vulnerability, an adversary could evade the authentication checks and access GitLab instances without authorization.

The vulnerability, tracked as CVE-2024-45409, actually lies in the Ruby SAML library (ruby-saml), which implements the client side of SAML authorization. Because the library did not properly verify the signature of the SAML Response, an attacker holding any signed SAML document issued by the identity provider could forge SAML Responses and Assertions with arbitrary content. As a result, the attacker could log in to the target system as an arbitrary user.

The flaw affects ruby-saml versions up to and including 1.12.2, and 1.13.0 through 1.16.0; it is fixed in versions 1.12.3 and 1.17.0 respectively. It received a critical severity rating with a CVSS score of 10.0, reflecting an unauthenticated, remotely exploitable authentication bypass.

According to GitLab, the vulnerability only affects GitLab instances with SAML authentication enabled. GitLab released the fix in Community Edition (CE) and Enterprise Edition (EE) versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.
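The version ranges above are easy to misread, so here is a small checker, written for this article rather than taken from GitLab or ruby-saml, that tells you whether a given ruby-saml gem or a self-managed GitLab release is still exposed. It assumes the ranges stated in the advisories (ruby-saml at or below 1.12.2, or 1.13.0 through 1.16.0, is affected; the five GitLab releases listed above are the first fixed build on each branch) and treats any GitLab release newer than 17.3.3, or any branch older than 16.11, as fixed or unfixed accordingly.

```ruby
# Added example (not GitLab's or ruby-saml's own code): check an installed
# ruby-saml gem or a self-managed GitLab release against CVE-2024-45409.
require "rubygems" # provides Gem::Version for semantic comparisons

# ruby-saml: every release up to and including 1.12.2, plus the 1.13.0..1.16.0
# series, is affected; 1.12.3 and 1.17.0 are the fixed releases.
RUBY_SAML_FIXED_LEGACY = Gem::Version.new("1.12.3")
RUBY_SAML_FIXED        = Gem::Version.new("1.17.0")

def ruby_saml_vulnerable?(version)
  v = Gem::Version.new(version)
  return true if v < RUBY_SAML_FIXED_LEGACY          # <= 1.12.2
  return false if v < Gem::Version.new("1.13.0")     # 1.12.3 .. 1.12.x backport line
  v < RUBY_SAML_FIXED                                 # 1.13.0 .. 1.16.x
end

# GitLab CE/EE: first patched release on each supported branch, oldest first.
GITLAB_FIXED = %w[16.11.10 17.0.8 17.1.8 17.2.7 17.3.3]
               .map { |s| Gem::Version.new(s) }.freeze

# Accepts "17.3.2", "17.3.2-ee" or "17.3.2-ce"; the edition suffix is dropped
# because both editions were patched in the same numbered releases.
def gitlab_vulnerable?(version)
  v = Gem::Version.new(version.sub(/-.*\z/, ""))
  return false if v >= GITLAB_FIXED.last               # 17.3.3 or newer
  fixed_on_branch = GITLAB_FIXED.find { |f| f.segments[0, 2] == v.segments[0, 2] }
  return true if fixed_on_branch.nil?                  # branch older than 16.11: no fix
  v < fixed_on_branch
end

# Summarise a set of versions; returns a hash so the result can be asserted on.
def exposure_report(ruby_saml_versions, gitlab_versions)
  {
    ruby_saml: ruby_saml_versions.to_h { |s| [s, ruby_saml_vulnerable?(s)] },
    gitlab:    gitlab_versions.to_h { |s| [s, gitlab_vulnerable?(s)] }
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs for a quick run from the command line.
  report = exposure_report(%w[1.12.2 1.12.3 1.16.0 1.17.0],
                           %w[16.10.5 16.11.9 16.11.10 17.3.2 17.3.3-ee 17.4.0])
  report.each do |component, results|
    results.each { |ver, bad| puts "#{component} #{ver}: #{bad ? 'VULNERABLE' : 'fixed'}" }
  end
end
```

Run it against the output of `gem list ruby-saml` and the version shown under Admin Area > Overview on the instance; a true result from either function means the mitigations below should already be in place.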

Though the service urges all customers to patch their methods with the most recent GitLab releases, it additionally shares mitigations. Therefore, customers could apply these mitigations accordingly the place a right away replace isn’t doable. These steps embody enabling two-factor authentication for all consumer accounts on GitLab situations and disabling the SAML two-factor bypass choice.

The need for a manual update applies only to GitLab self-managed instances. GitLab confirmed that GitLab Dedicated instances are updated automatically, requiring no action from customers.

In May, GitLab also patched a severe XSS vulnerability allowing account takeovers, alongside numerous other security vulnerabilities.

Let us know your thoughts in the comments.
