GitLab Addressed Critical SAML Auth Flaw With Latest Release
A critical SAML authentication bypass has been found in GitLab. It let an attacker sidestep SAML signature checks and sign in to a vulnerable self-managed instance as any user. GitLab has addressed the issue in new patch releases of both the Community Edition (CE) and Enterprise Edition (EE).
GitLab Addresses SAML Authentication Bypass Vulnerability
GitLab has recently released an advisory addressing a critical SAML authentication bypass vulnerability affecting self-managed installations.
GitLab supports Security Assertion Markup Language (SAML) single sign-on (SSO) so that an identity provider (IdP) can vouch for who is logging in. The vulnerability broke that trust: it allowed attackers to circumvent the authentication step and gain unauthorized access to GitLab instances.
Tracked as CVE-2024-45409, the vulnerability lies in the Ruby SAML library (ruby-saml), which implements the service-provider side of SAML that GitLab relies on. The library did not properly verify the signature on a SAML Response, so an attacker who could obtain any document signed by the IdP could forge a response with arbitrary contents and be accepted as any user of the target instance.
The flaw affects ruby-saml versions up to and including 1.12.2, and 1.13.0 through 1.16.0; it is patched in 1.12.3 and 1.17.0. With a critical severity rating and a CVSS score of 10.0, the significance of this vulnerability cannot be overstated.
GitLab confirms that only instances with SAML authentication enabled were affected by this vulnerability. The fix has been rolled out in GitLab CE and EE versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.
While GitLab advises users to update to the latest releases, it has also shared mitigations for those unable to update immediately: enable two-factor authentication for all user accounts, and do not allow the SAML two-factor bypass option. The reasoning is that a forged SAML response only gets an attacker past the IdP step; if GitLab still enforces its own second factor, and SAML logins are not allowed to skip it, the forged assertion alone does not yield a session.
Manual updates are required for self-managed GitLab instances, while GitLab Dedicated instances will receive automatic updates without user intervention.
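The following Ruby script, added here as an example and not taken from GitLab or the ruby-saml project, turns the advisory's version ranges and mitigation advice into a check an administrator can run offline: it reads the resolved ruby-saml version out of a Gemfile.lock, compares a GitLab version against the patch release for its branch, and inspects a gitlab.rb-style setting for the SAML two-factor bypass. The affected and fixed versions are the ones named above; the treatment of pre-releases and of branches older than 16.11, the sample lockfile, and the `omniauth_allow_bypass_two_factor` key (taken from GitLab's documented omniauth settings) are assumptions to confirm against your own deployment.

```ruby
require "rubygems" # Gem::Version ships with RubyGems

# Strip GitLab's "-ee"/"-ce" suffix; Gem::Version would otherwise read
# "17.3.3-ee" as a pre-release that sorts *below* 17.3.3.
def normalize(version_string)
  Gem::Version.new(version_string.sub(/-(ee|ce)\z/, ""))
end

# ruby-saml ranges from the advisory: <= 1.12.2 and 1.13.0..1.16.0 are affected,
# 1.12.3 and 1.17.0 are the fixed releases. Pre-releases between 1.16.0 and
# 1.17.0 are treated as affected because they predate the fix (assumption).
def ruby_saml_affected?(version_string)
  v = normalize(version_string)
  if v < Gem::Version.new("1.13.0")
    v < Gem::Version.new("1.12.3")   # 1.12.x line, fixed in 1.12.3
  else
    v < Gem::Version.new("1.17.0")   # 1.13+ line, fixed in 1.17.0
  end
end

# GitLab CE/EE patch releases named in the advisory, keyed by release branch.
GITLAB_FIXED = {
  "17.3" => "17.3.3", "17.2" => "17.2.7", "17.1" => "17.1.8",
  "17.0" => "17.0.8", "16.11" => "16.11.10",
}.freeze

# Patched if at or above the branch's patch release. Branches newer than 17.3
# shipped after the fix; branches older than 16.11 received no patch release
# in this set and are treated as unpatched (assumption: upgrade them).
def gitlab_patched?(version_string)
  v = normalize(version_string)
  branch = v.segments.first(2).join(".")
  if GITLAB_FIXED.key?(branch)
    v >= Gem::Version.new(GITLAB_FIXED[branch])
  else
    v >= Gem::Version.new("17.4.0")
  end
end

# Resolved gems in a Gemfile.lock sit at four spaces under "specs:"; their
# dependency lines (six spaces, "~>" constraints) are deliberately not matched.
def ruby_saml_version_from_lockfile(lockfile_text)
  m = lockfile_text.match(/^ {4}ruby-saml \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Constructed sample lockfile (not a real GitLab Gemfile.lock).
SAMPLE_GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.1.0)
        omniauth (~> 2.0)
        ruby-saml (~> 1.12)
      ruby-saml (1.13.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

# gitlab.rb is plain Ruby; a Hash stands in for gitlab_rails here so the same
# setting lines can be evaluated offline. Key name per GitLab's documented
# omniauth settings (assumption: confirm against your docs version).
WEAK_GITLAB_RB = {}
WEAK_GITLAB_RB["omniauth_allow_bypass_two_factor"] = ["saml"]   # weak: SAML logins skip 2FA

HARDENED_GITLAB_RB = {}
HARDENED_GITLAB_RB["omniauth_allow_bypass_two_factor"] = false  # corrected: 2FA always enforced

# true when SAML-authenticated logins are allowed to skip GitLab's second factor
def saml_2fa_bypass_allowed?(gitlab_rails)
  v = gitlab_rails["omniauth_allow_bypass_two_factor"]
  v == true || (v.is_a?(Array) && v.include?("saml"))
end

# One report covering library version, GitLab patch level and the mitigation.
def assess(lockfile_text, gitlab_version, gitlab_rails)
  gem_v = ruby_saml_version_from_lockfile(lockfile_text)
  {
    ruby_saml: gem_v,
    ruby_saml_affected: gem_v ? ruby_saml_affected?(gem_v) : nil,
    gitlab_patched: gitlab_patched?(gitlab_version),
    saml_2fa_bypass_allowed: saml_2fa_bypass_allowed?(gitlab_rails),
  }
end

if __FILE__ == $PROGRAM_NAME
  p assess(SAMPLE_GEMFILE_LOCK, "17.3.2-ee", WEAK_GITLAB_RB)
  p assess(SAMPLE_GEMFILE_LOCK, "17.3.3-ee", HARDENED_GITLAB_RB)
end
```

Run it against the real Gemfile.lock of your install and the output of `gitlab-rake gitlab:env:info` for the version; an instance that is unpatched and also allows the SAML two-factor bypass has neither the fix nor the workaround in place.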
This is not GitLab's only high-impact fix this year: in May it patched a significant XSS vulnerability that could lead to account takeover.